ADFS down disable Office 365 SSO

16 בApril 2017

אין תגובות

Hi guys,

Today, I would like to talk a little bit about what happens while ADFS is down,  how can we allow to users to access to Office 365 resources, how should we act?

Before I am presenting you the Powershell commands we should run in this scenario I would make sure all of you understand what is Office 365 SSO with ADFS, A couple of months ago I made a good article about how can we configure AD Azure join in for SSO to Office 365, Whether you read it or not I put URL for you:

Configure Azure AD Join

Use in Azure AD join provides us SSO to Office 365 resources without ADFS or any complicated configuration, it’s pretty easy for set it up,

However, there are several limitations that I have mentioned in my article. the main limit is that SSO doesn’t work via Google Chrome, which is the most common browser nowadays.

and the policy control is not good enough and not satisfied  for some organizations,

Therefore government organizations and security companies prefer to use in ADFS service which provides us more flexibility to manage our SSO and set restrictions.

So I have set up Office 365 with AD Connect and configured SSO with ADFS, I haven’t established a FARM on purpose, I want to demonstrate you crisis scenario which could happen anytime 🙂 Once ADFS is down users can’t access to Office 365 resources, what we have to in this scenario?

1 ) Open  “Microsoft Azure Active Directory Module for Windows PowerShell

2) Connect-MsolService – Enter Global Administrator Credential 

3) Run get-MsolDomain and you will find that your domain is federated:

4) Convert-MsolDomainToStandard -DomainName -PasswordFile C:\1.TXT -SkipUserConversio
n $true (The file won’t created):

5) Set-MsolDomainAuthentication -DomainName -Authentication Managed

6) Get-MsolDomains:

And at this point users are able to perform login successfully to Office 365 with their on-premise permission

Once ADFS Service has been repaired you can run the following command and the SSO will work again:

1 )  Open Windows Azure Active Directory PowerShell

2)  Run Connect-MsolService

3) Convert-MsolDomainToFederated -DomainName

4) Set-MsolDomainAuthentication -DomainName -Authentication Federated

הוסף תגובה
facebook linkedin twitter email

Leave a Reply

Your email address will not be published. Required fields are marked *