This is expected because, at this point, the remote client has no means of reaching the on-premises ADFS 2.0 Federation service.Īdd a host (A) record to the public facing DNS zone. Now, if we move the computer off-premises and attempt to login, we receive this error: The test is successful as the user can login using corporate credentials. To verify that single sign-on is functioning properly, we access the Microsoft Online portal from a computer located within the corporate network. Forefront TMG integrated Network Load Balancing (NLB) is enabled. Two nTMG enterprise appliances are configured as a standalone array. Exchange is operating in hybrid-mode (some user mailboxes are in the cloud while others remain on-premises). Active Directory information is synchronised to Office 365. Active Directory Federation Services (ADFS) 2.0 has been deployed on premises and single sign-on enabled. The corporate domain (SUREFRONT.CO.UK) has been added to Office 365. With this advanced deployment option, Forefront TMG is used in preference to a Federation Server Proxy. (Single sign-on allows users to use their corporate (Active Directory) user ID and password in order to access Office 365 services located in the cloud). In my first contribution to the Forefront Security blog, I will explain how to extend the Office 365 single sign-on experience to remote users by publishing ADFS 2.0 with Forefront TMG. Single Sign-on for Office365 with Forefront TMG
0 Comments
Leave a Reply. |