If you are looking for AD FS setup for Windows Server 2012 to the NEW Office 365 (wave 15), then please check out this series of posts.
In the previous step we added and verified your external domain with Office 365. That was the first step in federating AD with Microsoft and Office 365.
In order to enable SSO, a few more steps need to be completed. In this posting we will cover installing ADFS and federating with Office 365.
Before you try to set up federation, it’s always a good idea to document your solution. This will make it a lot easier to achieve your end goal.
This will be the end goal architecture for setting up ADFS, ADFS Proxies and Directory Synchronization
Base build ADFS01 and ADFS02 with Windows Server 2008 R2 SP1 (Standard or Enterprise)
Add the servers to the local domain and assign static IP addresses from your internal network (192.168.0.x)
- If you are using an internal domain name that doesn’t match the domain that you federated with Office 365, you will have to add a custom UPN suffix that matches that external name space
- Internal Domain – contoso.local
- External Domain – contoso.com
UPN Suffix will need to be added for contoso.com
If you need to add the UPN suffix, please follow these instructions, http://support.microsoft.com/kb/243629
This post assumes that you have matching internal and external name spaces or that you have added the UPN suffix
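The UPN suffix prerequisite above can also be checked from PowerShell. This is an added example, not part of the original post: it assumes the ActiveDirectory module that ships with Windows Server 2008 R2 is available, that you run it with rights to modify the forest, and that contoso.com is the domain you verified with Office 365. It adds the suffix if it is missing and reports enabled accounts whose UPN does not yet use it.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# module is installed and contoso.com is the domain verified with Office 365.
Import-Module ActiveDirectory

$FederatedDomain = 'contoso.com'   # external name space used in this post

# 1. A suffix is usable if it is the DNS name of a domain in the forest or is
#    listed as an alternative UPN suffix on the forest object.
$forest = Get-ADForest
$known  = @($forest.Domains) + @($forest.UPNSuffixes)

if ($known -notcontains $FederatedDomain) {
    # Same result as the GUI steps in KB 243629
    # (Active Directory Domains and Trusts > Properties > UPN Suffixes).
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $FederatedDomain }
    Write-Host "Added UPN suffix $FederatedDomain to forest $($forest.Name)"
}
else {
    Write-Host "UPN suffix $FederatedDomain is already available"
}

# 2. Report enabled users whose UPN does not end in the federated domain.
#    Accounts with no UPN at all are included, since -notlike is true for $null.
$mismatch = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -notlike "*@$FederatedDomain" }

$mismatch |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, UserPrincipalName |
    Format-Table -AutoSize

Write-Host "$(@($mismatch).Count) enabled account(s) do not have a @$FederatedDomain UPN"
```

The script only reports mismatched accounts; it does not change any user's UPN.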
Create a domain service account for use with ADFS 2.0 RTW. It only needs to be a regular user account; make sure to set the password not to expire.
While logged into ADFS01 and ADFS02 with an administrator account, open the Microsoft Online Admin Portal (https://portal.microsoftonline.com) and log in with a global administrator account.
Click Downloads on the right hand side of the page.
Click the ‘Set up’ button from ‘Set up and configure your Office and desktop apps’
The application will launch
Sign in with an account that has Global Admin rights on the Office 365 Account
Uncheck any applications that are checked so that only the ‘Microsoft Online Services Sign-in Assistant’ will be installed
Accept the agreement to start the install
Download ADFS 2.0 RTW from ADFS01 and ADFS02 making sure that you select the edition that matches the operating system on the ADFS server.
Install ADFS 2.0 RTW on ADFS01
Double click the file that you just downloaded to launch the install
Click Next on the Welcome Screen
Accept the License Agreement
Server Role Option screen, select Federation Server
Click ‘Next’ and walk through the rest of the install process. This will install all the required operating system components and set up the ADFS site in IIS
- Windows Identity Foundation
- .NET Framework 3.5 SP1
- Internet Information Services (IIS)
- Windows PowerShell 2.0
- When the install is finished, uncheck ‘Start the ADFS 2.0 Management Snap-in’ and click ‘Finish’
The Complete Series of Posts
- Open Office 365 Account and Sign up for the E Plan Trial
- Add and Verify the primary SMTP domain
Setting up ADFS Servers with Windows NLB
Setting up ADFS Proxy Servers with Windows NLB
- Setup Directory Synchronization to Office 365
Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.
Office 365 MVP