{"id":12919,"date":"2015-05-25T10:00:41","date_gmt":"2015-05-25T08:00:41","guid":{"rendered":"http:\/\/nolabnoparty.com\/?p=12919"},"modified":"2016-08-01T08:43:46","modified_gmt":"2016-08-01T06:43:46","slug":"adfs-3-0-setup-upn-suffix-for-office-365-sso-pt-1","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/adfs-3-0-setup-upn-suffix-for-office-365-sso-pt-1\/","title":{"rendered":"ADFS 3.0 setup UPN suffix for Office 365 SSO - pt. 1"},"content":{"rendered":"<p><img decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix01.jpg\" alt=\"adfs30upnsuffix01\" width=\"602\" height=\"202\" border=\"0\" \/><\/p>\n<p>To enable <strong>Single Sign-On with Office 365<\/strong>, ADFS 3.0 is the service to be configured to implement the federation process with Office 365.<\/p>\n<p>The<strong> high availability<\/strong> concept becomes a key point in ADFS because once you are using SSO with Office 365, you <strong>rely on your local Active Directory<\/strong> for authentication.<\/p>\n<p><!--more--><\/p>\n<p>To keep the highest HA factor, ADFS components should be installed in <strong>different virtual servers<\/strong> of the virtual infrastructure and in different hosts to prevent loss of service due to hardware failure.<\/p>\n<p>&nbsp;<\/p>\n<h2>Blog series<\/h2>\n<p>ADFS 3.0 setup UPN suffix for Office 365 SSO - pt. 1<br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/adfs-3-0-ssl-certificate-signing-request-pt-2\/\">ADFS 3.0 SSL certificate signing request - pt. 2<\/a><br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/adfs-3-0-install-adfs-server-pt-3\/\">ADFS 3.0 install ADFS Server - pt. 3<\/a><br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/adfs-3-0-install-wap-server-pt-4\/\">ADFS 3.0 install WAP Server - pt. 
4<\/a><br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/adfs-3-0-federating-office-365-pt-5\/\">ADFS 3.0 federating Office 365 - pt. 5<\/a><br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/adfs-3-0-install-directory-sync-tool-pt-6\/\">ADFS 3.0 install Directory Sync tool - pt. 6<\/a><br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/adfs-3-0-deploy-office-365-pt-7\/\">ADFS 3.0 deploy Office 365 - pt. 7<\/a><\/p>\n<p>&nbsp;<\/p>\n<h2>Prerequisites<\/h2>\n<p>To run ADFS 3.0 with the Single Sign-On feature enabled for Office 365, three core components need to be configured:<\/p>\n<ul>\n<li>ADFS Server<\/li>\n<li>ADFS WAP Server<\/li>\n<li>Directory Sync Server<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Schema<\/h2>\n<p>The schema to set up the <strong>ADFS environment<\/strong> to enable the SSO service is the following:<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix02.jpg\" alt=\"adfs30upnsuffix02\" width=\"600\" height=\"676\" border=\"0\" \/><\/p>\n<p>An improved design should include a <strong>load-balanced configuration<\/strong> in order to better distribute the load across the ADFS servers.<\/p>\n<p>&nbsp;<\/p>\n<h2>Setup UPN suffix<\/h2>\n<p>If the internal LAN domain name <strong>doesn\u2019t match the domain to federate<\/strong> with Office 365, a custom <strong>UPN suffix<\/strong> must be added in order to match the external namespace.<\/p>\n<blockquote><p>Internal:\u00a0 nolabnoparty.<strong>local<\/strong><br \/>\nExternal: \u00a0nolabnoparty.<strong>com<\/strong><\/p><\/blockquote>\n<p>Open the <strong>Active Directory Domains and Trusts<\/strong> snap-in, right-click the Active Directory Domains and Trusts item and select the <strong>Properties<\/strong> option.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; float: 
none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix03.jpg\" alt=\"adfs30upnsuffix03\" width=\"600\" height=\"354\" border=\"0\" \/><\/p>\n<p>In the <strong>Alternative UPN suffixes<\/strong> field, type the domain name that matches the external domain used to federate with Office 365, then click <strong>Add<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix04.jpg\" alt=\"adfs30upnsuffix04\" width=\"414\" height=\"462\" border=\"0\" \/><\/p>\n<p>Click <strong>OK<\/strong> to save the configuration and close the Active Directory Domains and Trusts window.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix05.jpg\" alt=\"adfs30upnsuffix05\" width=\"414\" height=\"462\" border=\"0\" \/><\/p>\n<p>The new UPN suffix must be assigned to the users in order to <strong>perform the authentication<\/strong> with the federated domain.<\/p>\n<p>Open <strong>Active Directory Users and Computers<\/strong> and select the users to configure. 
Right-click the selection and choose the <strong>Properties<\/strong> option.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix06.jpg\" alt=\"adfs30upnsuffix06\" width=\"600\" height=\"420\" border=\"0\" \/><\/p>\n<p>Tick <strong>UPN suffix<\/strong>, select the correct domain name and click <strong>OK<\/strong> to save the configuration.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix07.jpg\" alt=\"adfs30upnsuffix07\" width=\"414\" height=\"462\" border=\"0\" \/><\/p>\n<p>Looking at the user's properties, the <strong>User logon name<\/strong> field is now set with the UPN suffix just configured.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin: 0px auto; display: block; padding-right: 0px; border: 0px;\" title=\"adfs30upnsuffix08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2015\/05\/adfs30upnsuffix08.jpg\" alt=\"adfs30upnsuffix08\" width=\"600\" height=\"346\" border=\"0\" \/><\/p>\n<p>The UPN suffix is set and both domains (internal and external) match.<\/p>\n<blockquote><p>Internal:\u00a0 nolabnoparty.<strong>com<\/strong><br \/>\nExternal: \u00a0nolabnoparty.<strong>com<\/strong><\/p><\/blockquote>\n<p><a title=\"ADFS 3.0 SSL certificate signing request \u2013 pt. 
2\" href=\"https:\/\/nolabnoparty.com\/en\/adfs-3-0-ssl-certificate-signing-request-pt-2\/\">Part 2<\/a>\u00a0will cover the procedure to perform the <strong>SSL certificate signing request<\/strong>, one of the<strong>\u00a0<\/strong>ADFS components required by Office 365 SSO.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"firma\" title=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To enable Single Sign-On with Office 365, ADFS 3.0 is the service to be configured to implement the federation process with Office 365. The high availability concept becomes a key point in ADFS because once you are using SSO with Office 365, you rely on your local Active Directory for authentication.<\/p>\n","protected":false},"author":3,"featured_media":12923,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[1065,1721],"tags":[1566,1568],"class_list":["post-12919","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-en","category-office365-en","tag-office-365","tag-upn","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/12919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-j
son\/wp\/v2\/comments?post=12919"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/12919\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/12923"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=12919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=12919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=12919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}