Forum Discussion
Plan to Test ADFS SSO with Production O365 and to enable Federation in Production Azure Portal
Hi Manmeet,
To test the federation in your production tenant, you should do the following.
1. Register a new domain to your tenant. You can get one free from www.myo365.site
2. Install and configure AD FS. You do not need to use AAD Connect; you can do that manually. To test, you only need one server; for production you should have at least 2 AD FS servers and 2 proxy servers.
3. Install the Azure AD (Office 365) PowerShell module on the AD FS server using the following PowerShell cmdlet:
Install-Module MSOnline
4. Connect to Office 365:
Connect-MsolService
5. Set the federation context to use the current AD FS server:
Set-MsolADFSContext
6. Convert the domain to federated:
Convert-MsolDomainToFederated -DomainName yourdomain.com
And that's it, you are ready to test:
1. Browse to https://portal.office.com
2. Enter any username with the federated domain, such as someone@yourdomain.com, and click Next. Now Office 365 recognizes that the domain is federated and redirects you to your AD FS server.
3. Log in as any user using your actual username & password. And if you have configured your browsers properly, the users will be logged in automatically.
So, the only difference from the full production configuration is that you first need to enter "the wrong domain" to get redirected to your AD FS. After testing, you can convert the domain back to standard and convert your production domain to federated.
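A verification pass to run on the AD FS server after step 6 and before the browser test, with the rollback mentioned at the end of the post (an added example, not part of the original post). It assumes the MSOnline and ADFS modules are available; `yourdomain.com` is the post's placeholder, and `$Rollback` and the password-file path are made-up names.

```powershell
# Added example: confirm that what Azure AD stored for the test domain matches
# the local AD FS farm, then optionally convert the domain back to standard.
$Domain   = 'yourdomain.com'                  # placeholder from the post
$Rollback = $false                            # hypothetical switch for this script
$PwFile   = 'C:\Temp\converted-users.txt'     # constructed path, adjust as needed

Import-Module MSOnline
Import-Module ADFS
Connect-MsolService

# 1. The domain must report Federated after Convert-MsolDomainToFederated.
$auth = (Get-MsolDomain -DomainName $Domain).Authentication
if ($auth -ne 'Federated') { throw "$Domain is '$auth', expected 'Federated'." }

# 2. Trust settings stored in Azure AD for the domain.
$cloud = Get-MsolDomainFederationSettings -DomainName $Domain

# 3. Values the local farm actually uses.
$adfsHost  = (Get-AdfsProperties).HostName
$primary   = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
$localCert = [Convert]::ToBase64String($primary.Certificate.RawData)

# 4. The sign-in redirect and the trusted signing key must both belong to this farm.
$passive = [Uri]$cloud.PassiveLogOnUri
$checks = [ordered]@{
    'Passive sign-in URL uses HTTPS'    = $passive.Scheme -eq 'https'
    'Passive sign-in host is this farm' = $passive.Host -eq $adfsHost
    'Token-signing certificate matches' = $cloud.SigningCertificate.Trim() -ceq $localCert
    'Signing certificate not expired'   = $primary.Certificate.NotAfter -gt (Get-Date)
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISMATCH' })
}
if ($checks.Values -contains $false) {
    Write-Warning "Federation settings for $Domain do not match this AD FS farm."
}

# 5. After testing: convert the test domain back to standard (managed).
#    -SkipUserConversion $true leaves user accounts untouched; with $false,
#    temporary passwords are written to $PwFile in clear text, so protect or
#    delete that file afterwards.
if ($Rollback) {
    Convert-MsolDomainToStandard -DomainName $Domain -SkipUserConversion $true -PasswordFile $PwFile
    (Get-MsolDomain -DomainName $Domain).Authentication   # should now read Managed
}
```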
- Manmeet Singh, Apr 05, 2018, Copper Contributor
Thanks!
I will check it.