Export (0) Print
Expand All
2 out of 5 rated this helpful - Rate this topic

Walkthrough Guide: Workplace Join with a Windows Device

Published: June 24, 2013

Updated: August 28, 2013

Applies To: Windows Server 2012 R2



This topic demonstrates Workplace Join with your windows device and accessing a web application with single sign-on. You must complete the steps in the Set up the lab environment for AD FS in Windows Server 2012 R2 section before you can try out this walkthrough.

In this walkthrough, you access a company web application before you join your device to the workplace. The web page displays the claims that were included in your security token. Notice that the list of claims does not include any information about your device. You will also observe that you do not have single sign-on.

  1. Log on to Client1 with your Microsoft Account.

  2. Open Internet Explorer and browse to your generic claims app (https://webserv1.contoso.com/claimapp).

  3. Log on to the web page using a company domain account: roberth@contoso.com, password: P@ssword

  4. The web page lists all the claims in your security token. Only user claims are present in your security token.

  5. Close Internet Explorer.

  6. Open Internet Explorer and navigate to the same claims app (https://webserv1.contoso.com/claimapp).

  7. Notice that you are prompted to enter your credentials again. This is because you are not connecting from a Workplace-Joined device and therefore do not have single sign-on.

ImportantImportant
For Workplace Join to succeed, the client computer (Client1) must trust the SSL certificate that was used to configure AD FS in Step 2: Configure the Federation Server with Device Registration Service (ADFS1). It must also be able to validate revocation information for the certificate. If you have any issues with Workplace Join, you can view the event log on Client1.

To see the event log, open Event Viewer, expand Applications and Services Logs, expand Microsoft , expand Windows and click Workplace Join.

  1. Log on to Client1 with your Microsoft account.

  2. On the Start screen, open the Charms bar and then select the Settings charm. Select Change PC Settings.

  3. On the PC Settings page, select Network and then click Workplace.

  4. In the Enter your UserID to get workplace access or turn on device management box, type RobertH@contoso.com and then click Join.

  5. When prompted for credentials, type roberth@contoso.com, and password: P@ssword. Click OK.

  6. You should now see the message: This device has joined your workplace network.

In this part of the demonstration, you access a company web application from your Workplace-Joined device. The web page displays the claims that were included in your security token. Notice that the list of claims includes both device and user information. You will also observe that you now have single sign-on.

  1. Log on to Client1 with your Microsoft Account.

  2. Open Internet Explorer and browse to your generic claims app (https://webserv1.contoso.com/claimapp).

  3. Log on to the web page using a company, domain account: roberth@contoso.com, password: P@ssword.

  4. The web page lists claims in your security token. Your token contains both user and device claims.

  5. Close Internet Explorer.

  6. Open Internet Explorer and navigate to the same claims app (https://webserv1.contoso.com/claimapp).

  7. Notice that you are not prompted to enter your credentials again. This is because you are connecting from a Workplace-Joined device and therefore have single-sign on.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.