Checklist: Use AD FS to implement and manage single sign-on
Updated: June 25, 2015
Applies To: Azure, Office 365, Power BI, Windows Intune
Note
This topic might not be completely applicable to users of Microsoft Azure in China. For more information about Azure service in China, see windowsazure.cn.
The following are instructions for administrators of a Microsoft cloud service who want to provide their Active Directory users with single sign-on experience by using Active Directory Federation Services (AD FS) as their preferred security token service (STS). In order to set up your on-premises STS using AD FS, complete the following steps.
.gif "Checklist")
Checklist: Use AD FS to implement and manage single sign-on
| Deployment task | Links to topics in this section | Completed |
|---|---|---|
1. Prepare for implementing SSO. |
.gif "Checkbox") |
|
2. Review the AD FS terminology. |
|
|
3. Plan your AD FS deployment. |
|
|
4. Review the requirements for deploying AD FS. |
|
|
5. Prepare your network infrastructure for federation servers. |
|
|
6. Deploy your federation server farm. Depending on the version of AD FS that you want to use, complete the tasks in either of these checklists. |
Checklist: Deploy your federation server farm on Windows Server 2012 R2 or Checklist: Deploy your federation server farm on legacy versions of Windows Server |
|
7. Prepare your network infrastructure for configuring extranet access. |
Prepare your network infrastructure for configuring extranet access |
|
8. Configure extranet access. Depending on the version of AD FS that you want to use, complete the tasks outlined in either the following topic or checklist. |
Configure extranet access for AD FS on Windows Server 2012 R2 or Checklist: Configure extranet access for AD FS on legacy versions of Windows Server |
|
9. Install Windows PowerShell for SSO with AD FS. |
|
|
10. Set up a trust between AD FS and Azure AD. |
|
|
11. Enabling auditing for AD FS. Warning This is an optional step. |
Enabling auditing for AD FS might be beneficial in situations in which you place a high value on the security of your identity deployment and prefer to monitor it closely for suspicious or unintended activity. The process of enabling auditing for AD FS requires changes that you make using the Local Security Policy snap-in for your federation server as well as changes in the Service properties that you set using the AD FS Management console. For more information, see the “Configure Auditing for AD FS 2.0” section in Configuring Computers for Troubleshooting AD FS 2.0 |
|
12. Set up Active Directory synchronization. |
|
|
13. Verify and manage your SSO implementation with AD FS. |
|
For more information, see Additional AD FS References.