gerbling.blogg.se

Adfs azure mfa









This also applies to mobile devices if they are Azure AD joined.


Single sign-on from any device that is joined to Azure AD. This could also be used in complex scenarios for debugging issuance rules. In this case, I get a full list of the claims provided by the federation. ADFS Help is a very neat service from Microsoft for debugging all kinds of federated logins etc. In this demo I use ADFS Help as the application. Just save, deliver the metadata URL to the SaaS provider and enjoy the magic.


If there are no special claims used, that’s it. These are values that you can find in the existing ADFS federation. The only mandatory settings are Application Identifier and Reply URL. Then, in the Single sign-on tab, choose to use SAML and you end up with this kind of settings: Otherwise you must assign the application to an individual user or group. If this application is used by everyone in your organization, go to the properties of the newly created application and change “User assignment required” to No. The name is displayed in the My Apps portal, so choose wisely. The actual application registration takes no more than two minutes if you have all the details available. From the Azure AD management portal, click Enterprise Applications -> Add an Application -> Non-gallery application and give it a name. Creating a new SaaS application that authenticates using SAML needs an Azure AD Premium P1 license. In most cases you could move those applications to use Azure AD as their authentication source. It will also increase end user satisfaction, as users don’t need to remember multiple user names and passwords and will log in to all applications automatically. Using one common identity and authentication source increases security, as a user account is more likely to be closed when employment ends. In most of the customer cases I have worked on, ADFS was built because of Office 365 and then more applications got added to it. What about all the other federations for SaaS applications? Doing this enables more identity protection features f.ex. My recommendation is to always use Password Hash Sync and combine it with Pass-through Authentication if strict enforcement of local AD policies is needed.


95% of use cases end up with something other than ADFS. Today, Microsoft has good documentation on how to choose an authentication method for your use. Previously I installed highly available ADFS farms for almost every customer that had more than a few users and wanted single sign-on to Office 365. Organizations licensed for Azure AD Premium Plan 1 have little to no reason to keep using ADFS for anything. Executive summary: There is little to no reason to keep using ADFS for Office 365 logins.









