Thursday, 4 August 2016

Synchronise AD Users to Office365 (with Single Sign-On)

A - OBJECTIVE: 

This article is to illustrate details about the process:

1. to synchronize all of Active Directory (AD) users in your organization to Office 365. 

2. to enable Single Sign-On (SSO) using local AD accounts.

B - PROBLEMS :

Instead of manually managing users (in the format of yourtenant.onmicrosoft.com), you can sync all domain users in your organization to Office 365 to reduce the administrative work.

Directory Sync: accounts and passwords from the on-premises directory are replicated by the DirSync tool to the Office365 federated identity platform (aka Azure AD) on an hourly basis.

Single Sign-On: your users can open the Office365 tenant directly by clicking a link (i.e. no prompt for username & password) as long as they are inside the company's internal network. This is enabled by Active Directory Federation Services (ADFS).

C - SOLUTION:

To complete the configuration, please follow these steps:

1. At Office365, the private domain associated with your domain users must be added. Note: if you already have a live website on that domain, choose the option that keeps DNS management on your side rather than handing it to Microsoft.

2. At the ADFS server, convert the authentication mode of your private domain at Office365 from "Managed" to "Federated". At the end of this step, you should see a trust named "Microsoft Office 365 Identity Platform" listed in the "Relying Party Trusts" section.

3. At the ADFS server, install Microsoft Azure Active Directory Connect to run the synchronization job. An admin service account in the "Enterprise Admins" group must be used to run the job. Reason: Microsoft will replicate your whole AD directory to the cloud.
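The three steps above can be checked (and step 2 carried out) from a PowerShell session on the ADFS server. The script below is an added example, not part of the original post and not Microsoft's own documentation; it assumes the MSOnline, ADFS and ADSync modules are installed on that server, and `contoso.example` is a placeholder to be replaced with your own verified domain. It only converts the domain when it is still "Managed", so it is safe to re-run, and it finishes by reporting which account actually runs the sync service so you can confirm the privilege it was installed with.

```powershell
# Added example (not from the original post). Assumptions:
#  - MSOnline module present (Connect-MsolService, Get-MsolDomain, ...)
#  - ADFS role and module present (Get-AdfsRelyingPartyTrust)
#  - Azure AD Connect installed, which provides the ADSync module
#  - $Domain is a placeholder; replace it with your verified custom domain
param(
    [string]$Domain     = "contoso.example",      # placeholder domain
    [string]$AdfsServer = $env:COMPUTERNAME       # run this on the ADFS server
)

Import-Module MSOnline
Connect-MsolService    # prompts for an Office365 Global Administrator credential

# --- Step 1: the custom domain must already be added and verified in the tenant
$d = Get-MsolDomain -DomainName $Domain
if ($d.Status -ne "Verified") {
    throw "Domain $Domain is not verified in Office365 (status: $($d.Status))"
}

# --- Step 2: switch the domain from Managed to Federated, only if not done yet
if ($d.Authentication -eq "Managed") {
    Set-MsolAdfscontext -Computer $AdfsServer          # point the cmdlets at this ADFS farm
    Convert-MsolDomainToFederated -DomainName $Domain  # publishes the federation metadata to Azure AD
}

# Check both sides of the federation agree on the issuer and signing certificate
Get-MsolFederationProperty -DomainName $Domain |
    Format-List Source, FederationServiceIdentifier, TokenSigningCertificate

# The conversion should have created the relying party trust described in step 2
Import-Module ADFS
$rp = Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform"
if (-not $rp) {
    throw "Relying party trust for Office 365 was not created on $AdfsServer"
}
$rp | Select-Object Name, Enabled, Identifier | Format-List

# --- Step 3: confirm Azure AD Connect is scheduling sync cycles, then kick one off
Import-Module ADSync
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC
Start-ADSyncSyncCycle -PolicyType Delta

# Least-privilege check: report the identity the ADSync service actually runs as.
# The Enterprise Admin credential is needed by the installer; the service itself
# should be running under the dedicated account Azure AD Connect created.
(Get-CimInstance Win32_Service -Filter "Name='ADSync'").StartName
```

Run it once after completing the three steps; if `Get-MsolDomain` still reports `Managed` after the conversion, or the relying party trust is missing, federation is not in place and users will keep seeing the Office365 password prompt.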

D - SOURCE CODE or BENCHMARK:

Screenshots to be added.
