Forum Discussion

Manmeet Singh
Copper Contributor
Mar 24, 2018

Plan to Test ADFS SSO with Production O365 and to enable Federation in Production Azure Portal

Hi Team,

 

I have setup ADFS SSO for on-premises and integrated it with Azure Traffic Manager.

Now I need to use ADFS SSO with the O365 Portal, which means I need to enable federated identity.

Azure AD Connect is already enabled and sync is working for a domain in Azure Portal.

The risk factor is that the O365 Portal is in production use and the on-premises AD is already in sync.

Can you please advise how I should plan to test ADFS SSO with production Office 365?

Should I add a new, separate domain for testing to minimize the impact on production?

Is there any downtime involved in testing? Please advise.
Please let me know if you need more info. I will appreciate your response.

 

7 Replies

  • Hi Manmeet,

     

    To test the federation in your production tenant, you should do the following.

     

    1. Register a new domain to your tenant. You can get one free from www.myo365.site

    2. Install and configure AD FS. You do not need to use AAD Connect, you can do that manually. To test, you only need one server, for production you should have at least 2 AD FS servers and 2 proxy servers.

    3. Install the Azure AD (Office 365) PowerShell module on the AD FS server using the following PowerShell cmdlet:

    Install-Module MSOnline

    4. Connect to Office 365:

    Connect-MsolService

    5. Set the federation context to use the current AD FS server:

    Set-MsolADFSContext

    6. Convert the domain to federated:

    Convert-MsolDomainToFederated -DomainName yourdomain.com

    And that's it, you are ready to test:

    1. Browse to https://portal.office.com

    2. Enter any username with the federated domain, such as someone@yourdomain.com, and click Next. Office 365 now recognizes that the domain is federated and redirects you to your AD FS server.

    3. Log in as any user using your actual username and password. If you have configured your browsers properly, the users will be logged in automatically.

     

    So, the only difference to full production configuration is that you first need to enter "the wrong domain" to get redirected to your AD FS. After testing, you can convert the domain back to standard and convert your production domain to federated.
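As an added example (not from any of the replies, and not Microsoft's own script), here is the PowerShell sequence from the reply above collected into one script, with a pre-check that the domain being converted is the separate test domain rather than the tenant default, a post-check of the resulting federation settings, and the roll-back to standard authentication that the reply mentions. The domain name and the password-file path are placeholders; the script assumes it is run on the AD FS server with the MSOnline module already installed, using Global Administrator credentials.

```powershell
# Added example, not code from the thread. Federate a separate test domain, verify the
# result, and show the roll-back. Assumes: MSOnline module installed, run on the AD FS
# server (Set-MsolADFSContext targets the local machine), Global Admin credentials.

$TestDomain = 'xyz.example'   # placeholder: replace with the test domain verified in the tenant

Import-Module MSOnline
Connect-MsolService           # prompts for Global Admin credentials

# Pre-check: for this test scenario refuse to touch the tenant's default domain or a
# domain that is already federated, so the production domain cannot be converted by mistake.
$domain = Get-MsolDomain -DomainName $TestDomain
if ($domain.IsDefault) {
    throw "$TestDomain is the tenant default domain; use a separate test domain."
}
if ($domain.Authentication -eq 'Federated') {
    throw "$TestDomain is already federated."
}

# Record the authentication type of every domain before the change, so it is explicit
# which domains are affected (expected: only $TestDomain changes).
Get-MsolDomain | Select-Object Name, Authentication, IsDefault | Format-Table -AutoSize

# Steps 5 and 6 from the reply: point the cmdlets at this AD FS server and convert.
Set-MsolADFSContext -Computer $env:COMPUTERNAME
Convert-MsolDomainToFederated -DomainName $TestDomain

# Post-check: confirm the conversion took effect and inspect the trust that was written
# to the tenant (issuer, sign-in/sign-out endpoints, signing certificate).
$after = Get-MsolDomain -DomainName $TestDomain
if ($after.Authentication -ne 'Federated') {
    throw "Conversion of $TestDomain did not take effect."
}
Get-MsolDomainFederationSettings -DomainName $TestDomain |
    Select-Object IssuerUri, PassiveLogOnUri, LogOffUri, FederationBrandName

# Roll-back after testing (the reply's "convert the domain back to standard").
# Converting back assigns new cloud passwords to users in the domain and writes them to
# the password file, so the path below is a placeholder and the file must be protected.
# Convert-MsolDomainToStandard -DomainName $TestDomain -SkipUserConversion $false `
#     -PasswordFile "C:\Temp\$TestDomain-passwords.txt"
```

The pre-check is the part worth keeping even outside a test: Convert-MsolDomainToFederated changes sign-in behaviour for every user of the named domain the moment it completes, so confirming the domain name and its current authentication type before the call is what keeps the test from touching the production domain.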

  • Hi Manmeet,

     

    If you have your public domain in production, please follow the steps in the following article to enable ADFS for Office 365: https://blogs.technet.microsoft.com/canitpro/2015/09/11/step-by-step-setting-up-ad-fs-and-enabling-single-sign-on-to-office-365/

     

    For testing you will need to create a separate environment in another Office 365 tenant.

     

    The downtime is almost 0, because after you enable it, it takes seconds.

     

    You can also follow this article: https://blogs.technet.microsoft.com/rmilne/2017/05/14/how-to-install-ad-fs-2016-for-office-365-part-3/

    • Manmeet Singh
      Copper Contributor

      Thanks Nuno for the quick reply.

       

      Right now I have 2 domains added in the Azure Portal.

      Assume:

      abc.com is Primary, Not Federated

      xyz.com is verified, Not Federated

       

      abc.com is in production use.

      My goal is to federate xyz.com.

      While installing AAD Connect, if I choose xyz.com for federation, will it become Primary also?

      Please clarify. Thanks.

       
