Office 365 With Federated Authentication, Identities In Active Directory
Back to [[Windows Azure Active Directory Solutions For Developers]]
Scenario
In this scenario you you required to enable single sign-on (SSO) for your Office 365 service integrating with corporate Active Directory (AD).
- Office 365.
- Users are managed in corporate Active Directory (AD).
- Need to provide SSO for corporate users to allow them using their corporate accounts to log on to Office 365 services.
Solution Approach
Active Directory Federation Services (AD FS) used to solve this scenario.
- AD FS is used as a Security Token Service (STS).
- When inside corporate walls end user is authenticated using AD during the log on to his workstation. When accessing Office 365 services there are series of redirects, seamless to end user, that result in AD FS issuing a token that is validated by Office 365.
- When outside corporate walls end user is authenticated using web form provided by AD FS. AD FS accepts credentials and validates them against AD. Upon successful authentication end user is redirected to Office 365 service.
Analysis
This is not pure developer scenario as it does not require coding rather pure system configurations.
How To's
- Prepare for single sign-on.
- Plan for and deploy Active Directory Federation Services 2.0 for use with single sign-on
- Install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-on
- Add your domain to Office 365
- Verify a domain at any domain name registrar
- Verify and manage single sign-on
- Manage directory synchronization
Code Samples
- N/A