Checklist: Use AD FS to implement and manage single sign-on

Updated: June 25, 2015

Applies To: Azure, Office 365, Power BI, Windows Intune

Note

This topic might not be completely applicable to users of Microsoft Azure in China. For more information about Azure service in China, see windowsazure.cn.

The following are instructions for administrators of a Microsoft cloud service who want to provide their Active Directory users with a single sign-on experience by using Active Directory Federation Services (AD FS) as their preferred security token service (STS). To set up your on-premises STS using AD FS, complete the following steps.

Checklist: Use AD FS to implement and manage single sign-on

Deployment task Links to topics in this section Completed

1. Prepare for implementing SSO.

Prepare for single sign-on

2. Review the AD FS terminology.

Review AD FS terminology

3. Plan your AD FS deployment.

Plan your AD FS deployment

4. Review the requirements for deploying AD FS.

Review the requirements for deploying AD FS

5. Prepare your network infrastructure for federation servers.

Prepare your network infrastructure for federation servers

6. Deploy your federation server farm. Depending on the version of AD FS that you want to use, complete the tasks in either of these checklists.

Checklist: Deploy your federation server farm on Windows Server 2012 R2 or Checklist: Deploy your federation server farm on legacy versions of Windows Server

7. Prepare your network infrastructure for configuring extranet access.

Prepare your network infrastructure for configuring extranet access

8. Configure extranet access. Depending on the version of AD FS that you want to use, complete the tasks outlined in either the following topic or checklist.

Configure extranet access for AD FS on Windows Server 2012 R2 or Checklist: Configure extranet access for AD FS on legacy versions of Windows Server

9. Install Windows PowerShell for SSO with AD FS.

Install Windows PowerShell for single sign-on with AD FS

10. Set up a trust between AD FS and Azure AD.

Set up a trust between AD FS and Azure AD

11. Enable auditing for AD FS.

Warning

This is an optional step.

Enabling auditing for AD FS might be beneficial if you place a high value on the security of your identity deployment and prefer to monitor it closely for suspicious or unintended activity. Enabling auditing for AD FS requires changes that you make in the Local Security Policy snap-in for your federation server, as well as changes to the Service properties that you set in the AD FS Management console. For more information, see the “Configure Auditing for AD FS 2.0” section in Configuring Computers for Troubleshooting AD FS 2.0.

12. Set up Active Directory synchronization.

Directory synchronization roadmap

13. Verify and manage your SSO implementation with AD FS.

Verify and manage single sign-on with AD FS

For more information, see Additional AD FS References.

See Also

Concepts

DirSync with Single Sign-On