Applies to: Exchange Server 2010 SP1

Topic Last Modified: 2012-07-23

Estimated time to complete: 90 minutes

Single sign-on enables users to access both the on-premises and cloud-based organizations with a single user name and password. Configuring single sign-on also allows you to enforce your organization's password policies and account restrictions in both the on-premises and cloud-based organizations.

Learn more at: Understanding Single Sign-On

This topic is meant to be read as part of the Microsoft Exchange Server 2007 and Office 365 Hybrid Deployment checklist. Information or procedures in this topic may depend on prerequisites configured in topics earlier in the checklist. To view the checklist, see Checklist - Exchange 2007 and Office 365 Hybrid Deployment

How do I do this?

Configure single sign-on for your on-premises organization as follows.

  1. Add additional physical or virtual servers to your on-premises organization to support an installation of Active Directory Federation Services (AD FS) and make sure the servers meet the requirements to run AD FS.

  2. Install AD FS.

  3. Configure single sign-on between your on-premises organization and the cloud-based service. Learn more at: Prepare for single sign-on

How do I know this worked?

After adding the MSOL federated domain using the Microsoft Online Services Identity Federation Management Tool, you can run the following code in the Microsoft Online Services Federation Management Tool to view the configuration settings of the Microsoft Online Services federation.

Copy Code
Get-MSOLFederationProperty -DomainName <your primary SMTP domain>

Verify that both AD FS server and Microsoft Online Services have been added as sources for your primary SMTP domain in the returned results.

Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums