Azure AD Connect with ADFS customization.

So the scenario was this.

The customer already has an Office 365 tenant in place. The users in the on-premises AD have their sAMAccountName as UserPrincipalName, so the UPN does not match their e-mail address.

The next step is obvious: add a UPN suffix and change the UserPrincipalName to match the e-mail address.
Then add the mail attribute for the users.
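Doing the UPN and mail change in one pass, as an added example (this is not the original post's script). It assumes the old non-routable suffix is corp.local, the new suffix is contoso.com and the users live under OU=Users,DC=corp,DC=local; the new suffix must already be a verified domain in the tenant, and it is worth finishing this before the first sync so the cloud identities are created with the right UPN instead of having to be repaired afterwards.

```powershell
# Added example: add a routable UPN suffix and rewrite each user's UPN and mail
# attribute to <sAMAccountName>@<new suffix>. Run on a domain-joined admin host
# with the RSAT ActiveDirectory module. All names below are assumptions.
Import-Module ActiveDirectory

$oldSuffix  = 'corp.local'                     # assumption: the suffix users carry today
$newSuffix  = 'contoso.com'                    # assumption: the verified Office 365 domain
$searchBase = 'OU=Users,DC=corp,DC=local'      # assumption: where the user accounts live

# 1. Register the new suffix in the forest so it is valid for UPNs.
Get-ADForest | Set-ADForest -UPNSuffixes @{Add = $newSuffix}

# 2. Select enabled users whose UPN still carries the old suffix.
$users = Get-ADUser -SearchBase $searchBase -Properties mail `
    -Filter "Enabled -eq 'True' -and UserPrincipalName -like '*@$oldSuffix'"

foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f $u.SamAccountName, $newSuffix

    # Never silently overwrite a mail attribute that already points somewhere else;
    # those accounts need a human decision, so report and skip them.
    if ($u.mail -and $u.mail -ne $newUpn) {
        Write-Warning "$($u.SamAccountName): mail is '$($u.mail)', expected '$newUpn', skipping"
        continue
    }

    # -EmailAddress writes the mail attribute. Remove -WhatIf once the dry run looks right.
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -EmailAddress $newUpn -WhatIf
}
```

Run it once with -WhatIf and read the warnings: users whose mail attribute already differs from the planned UPN are exactly the ones that would otherwise end up with a mismatched login name and e-mail address in Office 365.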

Then install Azure AD Connect and do the configuration.

Run the first sync and enable automatic upgrade.

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-feature-automatic-upgrade

When you see the users as Synced, proceed with ADFS and the integration with Office 365.
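Before moving on to ADFS, these are the checks I would run to confirm the sync and the automatic upgrade state. This is an added example, not from the original post; it assumes the suffix contoso.com and a test user someuser@contoso.com, the ADSync cmdlets run on the Azure AD Connect server and the MSOnline cmdlets run with Global Administrator credentials.

```powershell
# Added example: verify the first sync landed and AutoUpgrade is on.
# Names are assumptions; replace them with your own.
$domain   = 'contoso.com'          # assumption: the UPN suffix you registered
$testUser = "someuser@$domain"     # assumption: one synced account to inspect

# --- On the Azure AD Connect server (ADSync module is loaded by the installer) ---
# Scheduler should be enabled and not suspended; no run should be in progress.
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, SchedulerSuspended, NextSyncCycleStartTimeInUTC
Get-ADSyncConnectorRunStatus       # empty output means nothing is running right now

# AutoUpgrade state: Enabled, Disabled or Suspended. It is only offered for
# express-settings installs, so a custom install shows Disabled here.
Get-ADSyncAutoUpgrade
# Set-ADSyncAutoUpgrade -AutoUpgradeState Enabled    # uncomment to turn it on

# --- Against the tenant (MSOnline module) ---
Connect-MsolService

# The suffix must be Verified before users carrying it sync with that UPN; after the
# ADFS integration the Authentication column should read Federated instead of Managed.
Get-MsolDomain -DomainName $domain | Select-Object Name, Status, Authentication

# A synced user has an ImmutableId (base64 of the on-prem objectGUID) and a LastDirSyncTime.
Get-MsolUser -UserPrincipalName $testUser | Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime

# Tenant-wide: is directory sync on, and when did the last cycle finish?
Get-MsolCompanyInformation | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime
```

If Get-MsolDomain shows the suffix as Unverified, users with that UPN are created in the tenant under the onmicrosoft.com fallback domain, which is the most common reason the "Synced" users later cannot sign in through ADFS.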

Customize the sign-in pages if you want.

https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/ad-fs-user-sign-in-customization?f=255&MSPPError=-2147217396

Add the IE registry settings that put the ADFS address in the Local intranet zone with a Group Policy Preference registry item. Why with the registry, you ask? Because then the users still have the option to add more sites themselves if they wish to.
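The registry values a GPP registry item delivers, written directly with PowerShell so the effect is visible. This is an added example and not the original post's GPO export; it assumes the federation service is published as adfs.contoso.com.

```powershell
# Added example: mark https://adfs.contoso.com as a Local intranet site for the
# current user, the same keys a GPP Registry Item (action Update, hive HKCU) would write.
# Per-user placement under HKCU is what leaves the IE "Local intranet > Sites" dialog
# editable; the Site to Zone Assignment List policy would lock it instead.
$adfsDomain = 'contoso.com'   # assumption: DNS domain of the federation service
$adfsLabel  = 'adfs'          # assumption: host label, i.e. adfs.contoso.com

$zoneMap = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$adfsDomain\$adfsLabel"

# Create the per-host key and assign only the https scheme to zone 1 (Local intranet).
# Deliberately no "http" value and no wildcard on the whole domain: IWA should only be
# attempted over TLS and only against the federation host, not every name under contoso.com.
New-Item -Path $zoneMap -Force | Out-Null
New-ItemProperty -Path $zoneMap -Name 'https' -PropertyType DWord -Value 1 -Force | Out-Null

# Verify: https=1 here is what IE lists under Local intranet sites.
Get-ItemProperty -Path $zoneMap | Select-Object https
```

The Local intranet zone keeps IE's default "Automatic logon only in Intranet zone" setting, so no change to the zone's logon policy is needed; the only thing being added is the host-to-zone mapping.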


And if you want to allow IWA to authenticate in browsers other than Internet Explorer, add their user-agent strings to the WIASupportedUserAgents property of the ADFS farm.
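Extending the WIA user-agent list on the farm, as an added example rather than the post's own screenshot. It assumes an elevated PowerShell session on an ADFS server and that you want to allow Chrome and Edge; the strings added are assumptions, check Get-AdfsProperties for what your version already allows.

```powershell
# Added example: allow Windows Integrated Authentication for non-IE browsers.
# ADFS matches these tokens as substrings of the User-Agent header, so a broad token
# such as "Mozilla/5.0" matches practically every browser; keep the list as narrow as
# your client estate allows. Run elevated on an ADFS server.

# What is allowed today (string array).
$current = (Get-AdfsProperties).WIASupportedUserAgents
$current

# Append instead of replacing, so the existing IE/Trident entries survive.
$toAdd = @('Mozilla/5.0', 'Edge/')                        # assumption: what you want to allow
$new   = @($current + $toAdd) | Select-Object -Unique
Set-AdfsProperties -WIASupportedUserAgents $new

# Some browsers do not send channel binding tokens; with Extended Protection set to
# Require, their Negotiate exchange fails. Look before you loosen it: None disables
# the channel binding check entirely, so leave this commented unless you need it.
(Get-AdfsProperties).ExtendedProtectionTokenCheck
# Set-AdfsProperties -ExtendedProtectionTokenCheck None

# Apply the change.
Restart-Service adfssrv

# Confirm.
(Get-AdfsProperties).WIASupportedUserAgents
```

Domain-joined intranet clients matching the list now get a silent Kerberos sign-in; non-domain-joined clients on the same network that match the list get a credential pop-up instead of the forms page, which is worth telling the helpdesk before you enable it. Clients arriving through the Web Application Proxy are unaffected and keep using forms.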

Smart URLs, for your convenience. Replace the placeholder names (YourTenantName, YourPrimaryUpnSuffix) with your own. The whr parameter is the home realm, i.e. the federated domain (your primary UPN suffix), and it lets login.microsoftonline.com skip the home-realm discovery page and send the user straight to ADFS.

SharePoint:
https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&whr=YourPrimaryUpnSuffix&wreply=https://YourTenantName.sharepoint.com&LoginOptions=1

OneDrive:

https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rver=6%2E1%2E6206%2E0&wreply=https%3A%2F%2FYourTenantName-my.sharepoint.com%2F&whr=YourPrimaryUpnSuffix

OWA:
https://outlook.com/owa/YourPrimaryUpnSuffix

Portal:
The next part will be Shibboleth and Java authentication with the Azure REST API and ADFS tokens.
Author: Harri Jaakkonen
