Friday, December 11, 2015

ADFS : Using Azure AD

I'm frequently asked about using Azure AD (AAD) together with ADFS. AAD is becoming far more prevalent, mainly because of the popularity of Office 365 (which uses AAD under the hood).

There are a number of ways of doing this.

The first is the DirSync / AAD Connect route, where the AD attributes are synced up to AAD. The AAD tenant becomes a federated tenant and relies on ADFS for authentication.

The second is where ADFS is added as a custom SAML application; refer to: Configuring single sign-on to applications that are not in the Azure Active Directory application gallery.

I don't recommend doing it this way; I'm just including it for completeness.

The third way, and by far the easiest, is just to federate them. Import the AAD metadata (the endpoint link is at the bottom of an AAD Application) into ADFS and then configure AAD as per the second scenario in WAAD AS IdP.

Note that the URI is http rather than https (because it's the entityID).
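The metadata import from the third route, as an added example that is not from the original post: it registers AAD as a claims provider trust in ADFS straight from the federation metadata link, restricts the accepted claims, and then reads back the imported entityID and signing certificate so the http/https detail noted above can be checked rather than assumed. It assumes an elevated PowerShell session on the ADFS server; `$metadataUrl` is a placeholder for the link copied from the AAD application page, and `$trustName` is an arbitrary display name.

```powershell
# Added example (not from the original post). Assumptions: run on the ADFS
# server as an administrator; $metadataUrl is a placeholder for the federation
# metadata link found at the bottom of the AAD application page.
Import-Module ADFS

$metadataUrl = "<federation metadata URL copied from the AAD application>"   # placeholder
$trustName   = "Azure AD"

# Import the trust from metadata: the entityID, endpoints and token-signing
# certificate all come from the document, so nothing is typed by hand.
# Leave monitoring and auto-update on so that a rotated AAD signing
# certificate is picked up instead of silently breaking sign-in later.
Add-AdfsClaimsProviderTrust -Name $trustName `
    -MetadataUrl $metadataUrl `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true

# Acceptance transform rules: pass through only the claims the relying
# parties actually need rather than everything AAD sends.
$rules = @'
@RuleName = "Pass through UPN from Azure AD"
c:[Type == "http://schemas.xmlsoap.org/claims/UPN"]
 => issue(claim = c);

@RuleName = "Pass through name from Azure AD"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetName $trustName -AcceptanceTransformRules $rules

# Verify what was imported. Identifier is the entityID taken from the metadata
# (the value the post notes is http rather than https); the signing certificate
# should be present and within its validity period.
$trust = Get-AdfsClaimsProviderTrust -Name $trustName
$trust | Select-Object Name, Identifier, MonitoringEnabled, AutoUpdateEnabled, LastMonitoredTime
$trust.TokenSigningCertificates |
    Select-Object Subject, NotBefore, NotAfter, Thumbprint
```

If the Identifier shown does not match the entityID in the metadata document exactly (scheme included), token validation for this claims provider will fail, so compare the two before moving on to the AAD side of the configuration.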

This is also documented in this post (just ignore the SharePoint stuff).

Enjoy!
