Office 365 has the support for federated identity and can be configured with AD FS 2.0 to allow the SSO access for the Active Directory accounts. In this recipe, we will walk through the steps to configure AD FS 2.0 for Office 365.
Following are the prerequisites:
- The Microsoft Online Services Directory Synchronization tool, which can be downloaded from http://www.microsoft.com/download/en/details.aspx?id=5535
- Set up your desktop for Office 365 (learn more at http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637594.aspx)
- Microsoft Online Services Module, which can be downloaded from http://onlinehelp.microsoft.com/Office365-enterprises/ff652560.aspx#BKMK_DownloadTheMOSIdentityFederationTool
- Valid Office 365 account
- Run the Microsoft Office 365 Deployment Readiness Tool from http://community.office365.com/en-us/f/183/p/2285/8155.aspx#8155 to verify if your enterprise Active Directory is ready for SSO
To integrate AD FS 2.0 with Office 365, perform the following steps:
- To enable Identity Federation in the Office 365 portal, launch Identity Federation Management Tool and enter the following command:
$cred=Get-Credential- In the Windows PowerShell Credential Request dialog box, enter your Office 365 Administrator account user name and password in the User name and Password fields respectively and hit Enter.
- To log in to the online service, enter the following command:
Set-MSOLContextcredential –msolAdminCredentials $cred - To add a domain in the portal, enter the following command:
Add-MSOLFederatedDomain –domainname adfsweb.domain.com To update- To update a domain in the portal, enter the following command:
Convert-MSOLDomainToFederated –domainname adfsweb.domain.com Update-MSOLFederatedDomain –domainname adfsweb.domain.com- This will update and activate SSO and configure the federation server with the Microsoft Federation Gateway information.
- Set up a federation server proxy to broker the communication between Microsoft Online Services and the federation server.
Once you have successfully enabled SSO in the Office 365 portal, you will notice that the password field gets disabled, the moment you enter your UPN in the portal login page. A link to log in to the federation server is activated. You have now successfully set up AD FS 2.0 for Office 365.
You can use Directory Synchronization to synchronize the Active Directory user information with Office 365. Learn more on this in the TechNet blog by GregK at http://blogs.technet.com/b/educloud/archive/2011/10/02/curious-greg-builds-a-lab-part-ii.aspx.
A step-by-step guide on planning and configuring AD FS 2.0 with Office 365 is provided by Tim Harrington in his article at http://blogs.catapultsystems.com/tharrington/archive/2011/04/01/active-directory-federation-services-adfs-2-0-with-office-365-part-1- -planning.aspx.