Embed Size (px)
Citation preview
Contents Setting up office 365 Tenant:.................................................................................................................................................................................... 2
Setup your domain with Office 365 ...................................................................................................................................................................... 8
Activate SSO on Office 365 ..................................................................................................................................................................................... 13
Setting up ADFS SSO ............................................................................................................................................................................................... 16
Installing ADFS Role ............................................................................................................................................................................................ 16
Create a certificate request ................................................................................................................................................................................ 29
Configure Federation Service.............................................................................................................................................................................. 49
Configure SSO ..................................................................................................................................................................................................... 60
Setting up Azure ADSync......................................................................................................................................................................................... 63
Installation and Configuration of WAP ................................................................................................................................................................... 79
Installing Web Application Proxy ........................................................................................................................................................................ 80
Configuring WAP ................................................................................................................................................................................................. 91
Publishing ADFS using WAP ................................................................................................................................................................................ 98
Sign up for Windows Azure................................................................................................................................................................................... 104
Setup Site to Site VPN ....................................................................................................................................................................................... 107
Create a Virtual Machine .................................................................................................................................................................................. 120
Setting up office 365 Tenant:
Go to http://products.office.com/en-us/business/office-365-enterprise-e3-business-software and click on Free Trial
Enter the required information to sign up for Office 365 E3 Trial.
Enter admin user information to access your tenant.
Confirm your identity.
Enter the code to verify your identity and click on create account.
You are now done setting up for Office 365 E3 Trial tenant. To access your tenant go to Https://portal.office.com and enter your
username and password provided during setup. In our case username is [email protected]
Setup your domain with Office 365 Log on to https://portal.microsoftonline.com
On the Admin center Page click on Domain.
Note: The process of adding the domain is very self-explanatory and easy process however we always recommend administrative users to perform the procedure.
Click on add a domain
Click on Let’s get Started to start the process
Click on Start Step 1 to start the process of adding a domain.
In the Add a domain menu your domain e.g. yourdomain.com in the text field and click Next
The next step is to verify the domain you can do this by adding a txt or by adding a MX record entry as an alternate method and txt method is preferred. The txt entry wizard guides you with setting up the entry for several of the Registrars depending on the verification method you select. E.g. for a domain register as godaddy.com you will be prompted for step by step instruction on how to make the txt/MX entry addition to you domain.
- Domain registrar select as Godaddy.com
- Verification method select for txt record - The Txt record point to or the destination is displayed - Step by Step instructions also displayed for easy navigation and understanding - to check where you domain is hosted at click on the link: http://www.internic.net/whois.html
- Note: Typically it takes about 15 minutes for your changes to take effect and for propagation. However, it can take up to 72 hours for the record that
you created to propagate through the DNS system
Activate SSO on Office 365
To activate SSO with office 365, Go to Active Users Single Sign on
On instructions page click “activate” Directory Synchronization and a pop up window will open for confirmation as shown below.
Now go to your ADFS Server and install and configure SSO with office 365.
Setting up ADFS SSO
Installing ADFS Role
You need a service account for adfs to read information from active directory.
Create a certificate request
Open MMC Console
Click on File Add/Remove Snap-in Certificate and click on Add
Choose computer account and click next to finish the wizard.
Right click in Personal All Tasks Advanced Options Create Custom Request
Click on Details and then go to properties
Enter your friendly name and this will be the URL of your adfs server as well.
Go to “Subject” and select Common name of your certificate. Pls note that for ADFS 3.0 your Common name and friendly name
should be same and click ADD
Now go to Private Key tab and expand Key options and set the key properties as shown in above screen. Click Apply to finish.
After applying custom properties of certificate click Next.
Select the file location to save the request file of your certificate and click finish.
Go to your public DNS provider and request for a SSL certificate based on request file.
Once you got the certificate from public DNS provide. Go to mmc Add/Remove Snap-in Certificate Computer Certificate
Personal Right click All Tasks Import
Select public certificate downloaded from Certificate provider.
Configure Federation Service
Once you have public certificate installed you can configure ADFS Post installation. Go to server Manager Click Configure the Federation
Service on this Server
Now go to your internal DNS Server and create ‘A’ record for FS.mydomain.com that points to your ADFS server.
To test your ADFS installation. Go to https://fs.mydomain.com/adfs/ls/IdpInitiatedSignon.aspx
Configure SSO
Download and install Windows Azure Active Directory Module on your domain joined server.
Run Windows Azure Powershell as administrator and connect to your office 365 tenant using global admin credentials
Use the cmdlets as shown in below screenshots to convert your domain to federated. Note: If you have multiple Top level domains then you need to use –SupportMultipleDomains switch
Your domain is now federated and you can now use SSO with office 365.
Setting up Azure ADSync
You need an account with local administrator privileges on your computer to install Azure AD Sync.
Azure AD Sync requires a SQL Server database to store identity data. By default a SQL Express LocalDB (a light version of SQL Server Express) is installed and the service account for the service is created on the local machine.
SQL Server Express has a 10GB size limit that enables you to manage approximately 100.000 objects.
If you need to manage a higher volume of directory objects, you need to point the installation process to a different version of SQL Server.
AAD Sync supports all flavors of Microsoft SQL Server from SQL Server 2008 to SQL Server 2014.
You need enterprise admin rights on local active directory You need global admin rights on Office 365 tenant. I’m using [email protected] global admin account for my lab.
1. Install .Net framework 4.5
2. Run AAD Setup
Click on Add Forest to add your forest
Click Next
Your user accounts will now sync with office 365 after every 3 Hrs by default.
After Azure ADSync my local AD users are synced with office 365 now. We are done with setting up Azure AD Sync and SSO. Now we need to public our ADFS Server to internet with the help of WAP so that when users attempt to login to office 365 they can find our ADFS server on internet.
Installation and Configuration of WAP
Install and Verify Certificate.
External DNS Record: Create external DNS record for the ADFS proxy server.
Open Firewalls: Port 80 & 443 should be open on your firewalls.
Installing Web Application Proxy
Go to Server manager and click on ADD and Features
Select Remote Access Role
Select Web Application Proxy and Accept Add Required Features pop up
Configuring WAP
To verify that WAP is installed and configured properly. Go to WAP Administration Console and Check Operational Status as shown below.
Publishing ADFS using WAP
Go to wap administration console and click on Publish
ADFS is published now using WAP.
