If you want to finish the SSO implementation successfully, you need to:
- Install the Azure Active Directory PowerShell module (I like to install it on the ADFS server)
- Install and configure AD Connect for directory synchronization
- Convert the Office 365 domain to federated authentication (with AD Connect or with PowerShell commands)
In the first place, you need to install the Azure AD module in order to connect to your Office 365 tenant via PowerShell. The Azure AD module can be downloaded or installed via PowerShell.
Once the Azure AD PowerShell module is installed, start it, connect to your tenant with the command Connect-MsolService and run the following commands:
- Enable-PSRemoting (on the ADFS server) / This command is mandatory because it enables remote access to the ADFS server, which Set-MsolADFSContext relies on
- Set-MsolADFSContext -Computer "local FQDN of ADFS server" / In my case that is adfs-01.tech-trainer.local
! ! ! Important ! ! !
Before you do that, be aware that you MUST have the same logon names (UPNs) in Office 365 and in the on-premises environment. If your on-premises domain has a different name than the public Office 365 domain, you need to configure an alternate UPN suffix and set it on all users who need SSO.
Also, don't connect to Azure AD with an account from the domain that is about to be federated; once the domain is converted, that account would have to authenticate through ADFS. Use an admin account with the @domain.onmicrosoft.com domain.
AD Connect and changing the authentication method
The last step in configuring SSO is converting the Office 365 domain from standard (managed) to federated authentication. You can do that by running the PowerShell command
- Convert-MsolDomainToFederated -DomainName "domain name" / In my case tech-trainer.info
Alternatively, you can configure federated authentication while configuring AD Connect.
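Here is a pre-flight script that checks the prerequisites above before running the conversion. It is an added example, not the author's own script; the public domain and ADFS host are the values from this post, while the user OU and the admin account prompt are assumptions.

```powershell
# Added example. Assumed values: public domain 'tech-trainer.info' and ADFS host
# 'adfs-01.tech-trainer.local' come from the post; the OU below is a placeholder.
Import-Module ActiveDirectory
Import-Module MSOnline

$PublicDomain   = 'tech-trainer.info'
$AdfsServer     = 'adfs-01.tech-trainer.local'
$UserSearchBase = 'OU=Users,DC=tech-trainer,DC=local'   # placeholder OU

# 1. The public domain must exist as an alternate UPN suffix in the forest.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $PublicDomain) {
    throw "Add '$PublicDomain' as a UPN suffix first: Set-ADForest -UPNSuffixes @{Add='$PublicDomain'}"
}

# 2. Every user that should get SSO must already carry that suffix;
#    list the ones that do not instead of converting blindly.
$mismatched = Get-ADUser -Filter * -SearchBase $UserSearchBase -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -notlike "*@$PublicDomain" }
if ($mismatched) {
    $mismatched | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize
    throw "$(@($mismatched).Count) user(s) still have an on-premises UPN suffix; fix them before federating."
}

# 3. Connect with a cloud-only admin; refuse an account from the domain being federated.
$cred = Get-Credential -Message 'Office 365 admin (use an @<tenant>.onmicrosoft.com account)'
if ($cred.UserName -like "*@$PublicDomain") {
    throw 'Do not federate while signed in with an account from the domain you are converting.'
}
Connect-MsolService -Credential $cred

# 4. Skip the conversion if the domain is already federated.
$domain = Get-MsolDomain -DomainName $PublicDomain
if ($domain.Authentication -eq 'Federated') {
    Write-Host "$PublicDomain is already federated; nothing to do."
    return
}

# 5. Point the MSOnline module at the ADFS server (PS remoting must be enabled there),
#    then convert the domain and show the resulting federation settings for review.
Set-MsolADFSContext -Computer $AdfsServer
Convert-MsolDomainToFederated -DomainName $PublicDomain
Get-MsolDomainFederationSettings -DomainName $PublicDomain
```

Run it from the ADFS server in a PowerShell session where both the ActiveDirectory and MSOnline modules are available.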
And, that's all! If you have successfully configured all these steps, your users will now be authenticated against the on-premises domain environment using ADFS and the ADFS proxy. Depending on the number of users, you need to wait some amount of time before federated authentication takes effect.
Cheers ! ! !