Set Up Office 365 Single Sign-On Federation with ADFS 2.0

When you set up single sign-on (also known as identity federation), your users can sign in with their corporate credentials to access the services in Microsoft Office 365 for enterprises. As part of setting up single sign-on, you must also set up directory synchronization. Together, these features integrate your local and cloud directories.

1. Prepare for single sign-on Learn about the benefits of single sign-on and make sure you meet the requirements before you set it up. Read: Prepare for single sign-on

2. Plan for and deploy Active Directory Federation Services 2.0 Work through the in-depth documentation to deploy and configure AD FS 2.0. Read: Plan for and deploy Active Directory Federation Services 2.0 for single sign-on

3. Install the Microsoft Online Services Identity Federation Management tool Download and run the tool that establishes the trust relationship between your AD FS 2.0 server and Microsoft Office 365 for each of your domains that use single sign-on. Read: Install the Microsoft Online Services Identity Federation Management tool

Windows 32-bit version Windows 64-bit version

4. Verify additional domains Go to the domains page to verify any additional domains that don’t use single sign-on.

5. Prepare for directory synchronization Check prerequisites, including computer requirements and user permissions. Read: Prepare for directory synchronization

6. Activate Active Directory® synchronization Activate directory synchronization to use your local Active Directory to add or remove users and security groups and sync to Microsoft Office 365. After you activate directory synchronization, you cannot deactivate it. Learn more

Activating Active Directory® synchronization allows you to automatically copy users, security groups and other objects from your local Active Directory to Microsoft Office 365. Important: The ability to deactivate Active Directory synchronization is currently not available. Once Active Directory synchronization is activated, synchronized objects may only be edited on-premise.Learn more

7. Install and configure the Directory Synchronization tool Download the Directory Synchronization tool and then configure it to set up synchronization from Active Directory to Microsoft Office 365.

Read: Install the Directory Synchronization tool

8. Verify directory synchronization Make changes to your local Active Directory and verify those changes in Microsoft Office 365. Read: Verify directory synchronization

9. Activate synchronized users Go to the users page, select the “Unlicensed users” view, select all of those users, and then click “Activate synced users”.

10. Verify and manage single sign-on Sign in to Microsoft Office 365 with your corporate credentials to verify that single sign-on is working. Then learn how to maintain single sign-on and directory synchronization.

Read: Verify and manage single sign-on

Read: Manage directory synchronization Set up and manage single sign-on