
Install Windows PowerShell for single sign-on with AD FS

Published: June 8, 2012

Updated: January 27, 2014

Applies To: Office 365, Windows Azure, Windows Intune

Note
This topic might not be completely applicable to users of Windows Azure in China. For more information about Windows Azure service in China, see windowsazure.cn.

After you have deployed Active Directory Federation Services, the next step to set up single sign-on is to download and install the Windows Azure Active Directory Module for Windows PowerShell. Once the module is installed, you will use its cmdlets to configure your Windows Azure AD domains as federated domains.

For more information about deploying AD FS for SSO, see Checklist: Use AD FS to implement and manage single sign-on.

The Windows Azure Active Directory Module for Windows PowerShell is a download for managing your organization's data in Windows Azure AD. This module installs a set of cmdlets to Windows PowerShell; you run those cmdlets to set up single sign-on access to Windows Azure AD and in turn to all of the cloud services you are subscribed to.

For instructions about how to download and install the cmdlets, see Windows Azure AD PowerShell.

Before you set up single sign-on in your full production environment, you can also run a single sign-on pilot. See the section below for more details.

Before adding or converting a domain as a single sign-on domain, you may want to run a pilot. Performing a staged rollout of single sign-on is not currently possible; all users become federated at the same time. However, you can pilot single sign-on with a set of production users from your production Active Directory forest.

Pilot users should thoroughly test various sign-in scenarios to ensure that single sign-on (and the AD FS deployment) is correctly configured and ready to be rolled out across the entire organization. To test this, have users access the cloud service from browsers as well as rich client applications (such as Microsoft Office 2010) in the following environments:

  • From a domain-joined computer

  • From a non-domain-joined computer inside the corporate network

  • From a roaming domain-joined computer outside the corporate network

  • From the different operating systems that you use in your company

  • From a home computer

  • From an Internet kiosk (browser only)

  • From a smart phone (for example, a smart phone that uses Microsoft Exchange ActiveSync)

For more information, see How to pilot single sign-on in a production user forest.
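Because every user in a domain becomes federated at the same time, it helps to know how many sign-ins each conversion will affect before you start. The following script is an added example, not part of the original topic: it confirms the module is installed and reports each domain's current authentication type and user count. It assumes the module is registered under the name MSOnline and uses that module's Connect-MsolService, Get-MsolDomain and Get-MsolUser cmdlets; the variable names are illustrative.

```powershell
# Added example (not from the original topic): pre-conversion inventory.
# Assumption: the Windows Azure AD Module is installed under the name 'MSOnline'.
$moduleName = 'MSOnline'

if (-not (Get-Module -ListAvailable -Name $moduleName)) {
    throw "Module '$moduleName' was not found. Install it before configuring federation."
}
Import-Module $moduleName

# Prompts for a tenant administrator account.
Connect-MsolService -Credential (Get-Credential)

# Group all users once by the domain part of their user principal name,
# since the UPN suffix decides which users a domain conversion affects.
$usersByDomain = Get-MsolUser -All |
    Group-Object -Property { ($_.UserPrincipalName -split '@')[-1].ToLower() } -AsHashTable -AsString

$report = foreach ($domain in Get-MsolDomain) {
    $key = $domain.Name.ToLower()
    $count = 0
    if ($usersByDomain -and $usersByDomain.ContainsKey($key)) {
        $count = @($usersByDomain[$key]).Count
    }

    [pscustomobject]@{
        Domain         = $domain.Name
        Status         = $domain.Status          # for example Verified or Unverified
        Authentication = $domain.Authentication  # Managed or Federated
        Users          = $count
    }
}

# Managed domains with users are the ones where a conversion changes sign-in
# for everyone at once; review those counts before leaving the pilot.
$report | Sort-Object -Property Authentication, Domain | Format-Table -AutoSize
```

Running the script again after a domain has been converted shows the change in the Authentication column.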

Now that you have installed Windows PowerShell for single sign-on with AD FS, the next step is to Set up a trust between AD FS and Azure AD.

© 2014 Microsoft. All rights reserved.