Using the same ADFS Farm for O365 and other SSO applications

  • Question

  • Hello,

    I work in a large enterprise environment and wanted to know if it was possible to use the O365 ADFS farm for SSO to be used in conjunction with other applications that need ADFS for SSO as well?  Can I just use one farm to federate different domains and applications?

    Thanks for any help on this.

    GregInAtlanta

    Wednesday, May 24, 2017 7:29 PM

All replies

  • Hi,

    According to my research, if all these domains are hosted in a single forest, then we can simply use the existing ADFS service for authentication by updating the ADFS settings using the -SupportMultipleDomain parameter. In this way, we don’t need to set up a new ADFS service for the other domains hosted in the forest.

    However, if the domains are hosted in separate forests, then we will need to deploy the ADFS service separately for each domain in its own forest.

    For more details, please refer to the articles below:

    http://blogs.technet.com/b/abizerh/archive/2013/02/06/supportmultipledomain-switch-when-managing-sso-to-office-365.aspx

    Furthermore, I suggest contacting the ADFS forum for further help:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=ADFS&filter=alltypes&sort=lastpostdesc

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Alvwan Thursday, May 25, 2017 11:28 AM
    • Marked as answer by ITGregInAtlanta Friday, May 26, 2017 1:50 PM
    Thursday, May 25, 2017 4:51 AM
  • Yes, it is possible to use the Office 365 ADFS farm for other applications (make sure the other applications are claims-aware).

    For more details, please refer to

    https://docs.microsoft.com/en-gb/windows-server/identity/ad-fs/design/provide-your-active-directory-users-access-to-your-claims-aware-applications-and-services

    • Proposed as answer by Alvwan Thursday, May 25, 2017 11:28 AM
    Thursday, May 25, 2017 5:14 AM
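    As an added illustration of the answer above (example code, not from the thread or from Microsoft's documentation): registering an internal claims-aware web application as its own relying party trust on the farm that already serves Office 365. It assumes the ADFS PowerShell module on the primary farm server and an ADFS administrator session; the application name, identifier, endpoint and AD group SID are placeholders.

```powershell
# Added example (not from the thread): add a second relying party trust to a
# farm that already federates Office 365. Assumes the ADFS module and an ADFS
# admin session on the primary server. Name, identifier, endpoint and SID are
# placeholders.

Import-Module ADFS

$appName     = 'Expense Portal'                                  # placeholder
$appId       = 'https://expenses.corp.example.com/'              # placeholder: the app's realm / audience URI
$appEndpoint = 'https://expenses.corp.example.com/'              # placeholder: WS-Federation sign-in endpoint
$allowedSid  = 'S-1-5-21-0000000000-0000000000-0000000000-1234'  # placeholder: SID of the AD group allowed in

# Issuance transform rules: send only what the application needs (UPN and
# group membership). Each relying party has its own rule set, so claims issued
# to Office 365 are not automatically issued to this app, and vice versa.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN and groups"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,tokenGroups;{0}", param = c.Value);
'@

# Issuance authorization rule: only members of one AD group get a token for
# this application. Sharing the farm does not mean sharing the access decision;
# authorization is evaluated per relying party trust.
$authRules = @"
@RuleTemplate = "Authorization"
@RuleName = "Permit Expense Portal group only"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$allowedSid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
"@

Add-AdfsRelyingPartyTrust -Name $appName `
    -Identifier $appId `
    -WSFedEndpoint $appEndpoint `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authRules `
    -TokenLifetime 60 `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Verify: the new trust sits beside the Office 365 trust on the same farm,
# each with its own identifier and rule set.
Get-AdfsRelyingPartyTrust |
    Select-Object Name, Identifier, Enabled, TokenLifetime |
    Format-Table -AutoSize
```

    The point worth checking afterwards is that no trust on the farm carries a "permit all" authorization rule by accident: `Get-AdfsRelyingPartyTrust | Select-Object Name, IssuanceAuthorizationRules` shows the rule text per trust, and a trust added through the GUI wizard defaults to permitting everyone unless changed.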
  • Thanks Alvin,

    I did not run the -SupportMultipleDomain parameter on the first federated domain. This is why I kept getting the PowerShell error message when I tried federating the second domain. So I converted the first domain back to managed and then ran the PowerShell command with the -SupportMultipleDomain parameter and now I can federate more than one domain. Thanks a million.

    Friday, May 26, 2017 1:56 PM
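    The procedure Alvin described and Greg then carried out, written out as an added example (not code posted in the thread): re-federating the first domain with -SupportMultipleDomain and then federating a second domain against the same farm. It assumes the MSOnline module, Global Administrator credentials, and that it runs on the primary ADFS server; the domain and server names are placeholders.

```powershell
# Added example (not from the thread): fix a farm whose first domain was
# federated without -SupportMultipleDomain, then add a second domain to it.
# Assumes the MSOnline module and Global Administrator credentials, run on the
# primary ADFS server. Server and domain names are placeholders.

Import-Module MSOnline
Connect-MsolService              # prompts for Global Administrator credentials

$adfsServer   = 'adfs01.corp.example.com'   # placeholder: primary ADFS server
$firstDomain  = 'contoso.example'           # placeholder: federated WITHOUT the switch
$secondDomain = 'fabrikam.example'          # placeholder: the domain being added

Set-MsolADFSContext -Computer $adfsServer

# 1. Inspect how the first domain was federated. A farm-wide IssuerUri such as
#    http://adfs01.corp.example.com/adfs/services/trust is the sign it was set
#    up without -SupportMultipleDomain; with the switch, each domain gets its
#    own issuer of the form http://<domain>/adfs/services/trust/.
Get-MsolDomainFederationSettings -DomainName $firstDomain |
    Select-Object FederationBrandName, IssuerUri

# 2. Convert the first domain back to managed. Do this in a maintenance
#    window: until step 3 completes, users in that domain are not federated.
Convert-MsolDomainToManaged -DomainName $firstDomain

# 3. Re-federate it with -SupportMultipleDomain. This rewrites the Office 365
#    relying party trust so that the issuer claim is derived from each user's
#    UPN suffix instead of being one fixed value for the farm.
Convert-MsolDomainToFederated -DomainName $firstDomain -SupportMultipleDomain

# 4. Additional domains now federate against the same farm without the error
#    the thread describes.
Convert-MsolDomainToFederated -DomainName $secondDomain -SupportMultipleDomain

# 5. Verify: every federated domain should report its own IssuerUri.
Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' } | ForEach-Object {
    $fs = Get-MsolDomainFederationSettings -DomainName $_.Name
    [pscustomobject]@{ Domain = $_.Name; IssuerUri = $fs.IssuerUri }
}
```

    The reason the switch matters is in the claim rules it installs on the Office 365 trust: an issuance rule derives the issuerid claim from the domain part of the UPN, so Azure AD can tell which federated domain a token is for. Without it, every domain would present the same issuer, which is exactly the conflict that stops the second domain from being federated.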
  • Hi,

    You're welcome.

    Best Regards,

    Alvin Wang

    Saturday, May 27, 2017 1:09 AM