Microsoft Office Tutorials and References
In Depth Information
Converting the domain from standard authentication to identity federation
Converting the domain from standard authentication to
Now that we have installed IIS, bound the AD FS service to the IIS server, applied the
necessary certificates applied to the IIS server, tested AD FS, and can see the XML schema, it is
safe to say that AD FS is now operational and can service authentication requests.
The last step is to convert your domain that is in Office 365 from standard authentication
to identity federation. This action will cause Office 365 to redirect access requests by users
with the UPN suffix of the domain to your AD FS for authentication, unless a user already
has a valid token from a previously successful authentication. Converting the tenant to
identity federation for a domain will not affect or alter the logon experience of cloud
To convert the domain from standard authentication to identity federation, we will need to
switch back to Windows PowerShell. Follow the steps in one of the two following sections
that best describes your environment.
AD FS server is installed on Windows Server 2008 R2
1. Download and install the Windows Azure Active Directory Module for Windows
PowerShell cmdlets, formerly known as the Microsoft Online Services Module for
Windows PowerShell cmdlets. The 32-bit version of the Windows Azure Active
Directory Module for Windows PowerShell is located at http://go.microsoft.com/
2. Start the Windows Azure Active Directory Module for Windows PowerShell cmdlets.
3. Enter the following command, which will produce a logon prompt for a user name
$cred = Get-Credential
4. The credentials you provide will be stored in the $cred variable. At the logon prompt,
use your Office 365 Global Administrator account name.
Note Why save a credential in a variable?
Technically, when managing identity with Windows PowerShell you can simply
use the command Connect-MsolService . You do not need to save the credential
in a variable first. However, we saved the credential in a variable in our example
because we will need it when we use Windows PowerShell for Exchange Online, so
we are just keeping it consistent throughout the book.