This round, we are going to look at the “Single Sign On” option. To do so, you are required to prepare the following:
- Windows Server 2012 R2 for federation server
- Windows Server 2012 R2 for the Web Application Proxy
- An SSL certificate for the federation service name you intend to use. (for example: fs.ms4u.local)
Just to recap what AAD Connect is:
AAD Connect streamlines the experience of extending your local directories into Azure AD so that fewer tools are required to install; it guides you through the entire experience so you are not required to read many pages of documentation; and it reduces the on-premises footprint because you are not required to deploy many servers.
AAD Connect is a single wizard that performs all of the steps you would otherwise have to do manually for connecting your Windows Server Active Directory to Azure Active Directory:
- It downloads and installs prerequisites like the .NET Framework, the Azure Active Directory PowerShell Module, and the Microsoft Online Services Sign-In Assistant
- It downloads, installs and configures Dirsync (or AAD Sync), and enables it in your Azure AD directory.
- It configures either the password sync or the single sign-on scenario, depending on which sign-on option you prefer, including any required configuration in Azure.
- It checks to make sure that your configuration is working!
- Select the Single Sign On option
- Enter a domain administrator account to connect to the local domain
- Select the optional features: Exchange hybrid and password writeback
- Select how users should be identified in your on-premises directories
- Select whether to connect to an existing ADFS farm or build a new one. Enter your certificate file (with private key) and its password
- On the ADFS and Web Application Proxy VMs, execute winrm quickconfig
- Enter your ADFS server farm and Web Application Proxy servers. Here you can enter multiple servers that you would like AAD Connect to build
- Enter a domain user account that has local admin rights on the federation server
- Create a group managed service account or use an existing domain user account
- Select the domain that you would like to be federated
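Before clicking Install, it is worth confirming the three things the wizard steps above depend on. The following PowerShell pre-flight script is an added example (not from the original post and not part of AAD Connect): it checks that WinRM answers on the ADFS and Web Application Proxy VMs, that the PFX carries a private key that names the federation service, and that the federation service name resolves in DNS. fs.ms4u.local is the name used in this post; the server names and PFX path are placeholders.

```powershell
# Added pre-flight check; not part of the original post or of AAD Connect.
# fs.ms4u.local is the federation service name used in the post; the server
# names and the PFX path below are placeholders to replace with your own.
$FederationServiceName = 'fs.ms4u.local'
$Servers     = @('ADFS01.ms4u.local', 'WAP01.ms4u.local')   # placeholders
$PfxPath     = 'C:\certs\fs.ms4u.local.pfx'                 # placeholder
$PfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$ok = $true

# 1. WinRM must answer on every ADFS and Web Application Proxy server;
#    that is what 'winrm quickconfig' on each VM enables for AAD Connect.
foreach ($s in $Servers) {
    try {
        Test-WSMan -ComputerName $s -ErrorAction Stop | Out-Null
        Write-Host "[OK]   WinRM reachable on $s"
    } catch {
        Write-Warning "WinRM not reachable on $s; run 'winrm quickconfig' there first"
        $ok = $false
    }
}

# 2. The PFX must contain the private key, still be valid, carry the Server
#    Authentication EKU and name the federation service in its CN or SAN.
$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PfxPath, $PfxPassword
if (-not $cert.HasPrivateKey) { Write-Warning 'PFX has no private key'; $ok = $false }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate has expired'; $ok = $false }
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if (-not ($eku -and $eku.Format($false) -match '1\.3\.6\.1\.5\.5\.7\.3\.1')) {
    Write-Warning 'Certificate lacks the Server Authentication EKU'; $ok = $false
}
$san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names = $cert.Subject
if ($san) { $names += ' ' + $san.Format($false) }
# Exact-name match only; a wildcard such as *.ms4u.local must be checked by hand.
if ($names -notmatch [regex]::Escape($FederationServiceName)) {
    Write-Warning "Certificate does not name $FederationServiceName"; $ok = $false
}

# 3. The federation service name must resolve: internally to the ADFS farm,
#    externally to the Web Application Proxy.
try {
    $a = Resolve-DnsName -Name $FederationServiceName -Type A -ErrorAction Stop
    Write-Host "[OK]   $FederationServiceName resolves to $($a.IPAddress -join ', ')"
} catch {
    Write-Warning "$FederationServiceName does not resolve in DNS"; $ok = $false
}

if ($ok) { Write-Host 'All prerequisites present; proceed with the AAD Connect wizard.' }
else     { Write-Warning 'Fix the items above before clicking Install.' }
```

Run it from the machine where AAD Connect is installed, since that is the host that must reach the farm members over WinRM.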
Lastly, review the summary and click Install to deploy. AAD Connect will then:
- Configure DirSync on the existing VM where you installed AAD Connect
- Install and configure ADFS
- Install and configure the Web Application Proxy
- Start the initial synchronization
That completes the entire process.