
Checklist: Use AD FS to implement and manage single sign-on

Published: June 29, 2012

Updated: January 27, 2014

Applies To: Office 365, Windows Azure, Windows Intune

Note
This topic might not be completely applicable to users of Windows Azure in China. For more information about Windows Azure service in China, see windowsazure.cn.

Important
There is currently an issue with AD FS in Windows Server 2012 R2 that prevents domain-joined Windows XP and Windows Vista computers running non-email rich clients (such as Lync 2010/2013, Word/PowerPoint/Excel 2013) from authenticating from the extranet (through the Web Application Proxy). We plan to make the fix available in early Q1 2014 via Windows Update and Windows Server Update Services channels.

The following instructions are for administrators of a Microsoft cloud service who want to provide their Active Directory users with a single sign-on (SSO) experience by using Active Directory Federation Services (AD FS) as their preferred security token service (STS). To set up your on-premises STS using AD FS, complete the following steps.


| Deployment task | Links to topics in this section | Completed |
| --- | --- | --- |
| 1. Prepare for implementing SSO. | Prepare for single sign-on | [ ] |
| 2. Review the AD FS terminology. | Review AD FS terminology | [ ] |
| 3. Plan your AD FS deployment. | Plan your AD FS deployment | [ ] |
| 4. Review the requirements for deploying AD FS. | Review the requirements for deploying AD FS | [ ] |
| 5. Prepare your network infrastructure for federation servers. | Prepare your network infrastructure for federation servers | [ ] |
| 6. Deploy your federation server farm. Depending on the version of AD FS that you want to use, complete the tasks in either of these checklists. | Checklist: Deploy your federation server farm on Windows Server 2012 R2 or Checklist: Deploy your federation server farm on legacy versions of Windows Server | [ ] |
| 7. Prepare your network infrastructure for configuring extranet access. | Prepare your network infrastructure for configuring extranet access | [ ] |
| 8. Configure extranet access. Depending on the version of AD FS that you want to use, complete the tasks outlined in either the following topic or checklist. | Configure extranet access for AD FS on Windows Server 2012 R2 or Checklist: Configure extranet access for AD FS on legacy versions of Windows Server | [ ] |
| 9. Install Windows PowerShell for SSO with AD FS. | Install Windows PowerShell for single sign-on with AD FS | [ ] |
| 10. Set up a trust between AD FS and Windows Azure AD. | Set up a trust between AD FS and Azure AD | [ ] |
| 11. Enable auditing for AD FS. Warning: This is an optional step. | Enabling auditing for AD FS might be beneficial in situations in which you place a high value on the security of your identity deployment and prefer to monitor it closely for suspicious or unintended activity. The process of enabling auditing for AD FS requires changes that you make using the Local Security Policy snap-in for your federation server as well as changes in the Service properties that you set using the AD FS Management console. For more information, see the “Configure Auditing for AD FS 2.0” section in Configuring Computers for Troubleshooting AD FS 2.0. | [ ] |
| 12. Set up Active Directory synchronization. | Directory synchronization roadmap | [ ] |
| 13. Verify and manage your SSO implementation with AD FS. | Verify and manage single sign-on with AD FS | [ ] |

For more information, see Additional AD FS References.
