Contents:
Lab: Planning and configuring identity federation
Exercise 1: Deploying Active Directory Federation Services (AD FS) and Web Application Proxy
Task 1: Add DNS records required for AD FS
- Sign in to the LON-DS1 virtual machine as ADATUM\Administrator with a password of Pa55w.rd.
- On LON-DS1, select Start and then select Windows PowerShell.
- Type IPConfig and press Enter.
- Record the IPv4 address assigned to the server.
- On LON-DC1, open Server Manager, select Tools, and then select DNS.
- Expand LON-DC1, expand Forward Lookup Zones, and then select Adatumyyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number.
- Right-click Adatumyyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number, and then select New Host (A or AAAA).
- In the New Host dialog box, leave the Name box empty, and in the IP address box, type the external IP address provided by the hosting partner.
- Select Add Host, and then select OK.
- In the New Host dialog box, leave the Name box empty, and in the IP address box, type the LON-DS1 IP address that you recorded in Step 3.
- Select Add Host, select OK, and then select Done.
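The same two apex records can be created and checked from PowerShell on LON-DC1. The script below is an added example, not part of the original lab; it uses the DnsServer module and assumes placeholder values for the zone name, the hosting partner's external address and the LON-DS1 address you recorded from ipconfig. The resolution checks at the end are the ones the Azure AD Connect wizard performs later, so running them here shows why the federation service name must resolve to the AD FS server on the LAN and to the Web Application Proxy from the Internet.

```powershell
# Added example, not part of the original lab: Task 1 done with the DnsServer module on LON-DC1,
# followed by the internal/external resolution checks the Azure AD Connect wizard repeats in Task 3.
# Zone name and IP addresses are placeholders for the values in your lab.
Import-Module DnsServer

$ZoneName   = 'Adatumyyxxxxx.hostdomain.com'   # replace yyxxxxx with your unique Adatum number
$ExternalIP = '203.0.113.10'                   # placeholder: external IP supplied by the hosting partner
$InternalIP = '10.0.0.11'                      # placeholder: LON-DS1 address recorded from ipconfig

# Both records sit at the zone apex: an empty Name in the New Host dialog is '@' here,
# so the federation service name is the zone name itself.
$existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A -ErrorAction SilentlyContinue |
            ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }

foreach ($ip in @($ExternalIP, $InternalIP)) {
    if ($existing -contains $ip) {
        Write-Host "A record $ZoneName -> $ip already present, skipping"
    } else {
        # short TTL so a corrected record is picked up quickly during the lab
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $ip -TimeToLive (New-TimeSpan -Minutes 5)
        Write-Host "Added A record $ZoneName -> $ip"
    }
}

# Check 1: internal clients (LON-CL3 in Exercise 2) must get the AD FS server's address from LON-DC1;
# without it the browser is redirected to a name it cannot reach and SSO fails on the LAN.
$internalAnswer = Resolve-DnsName -Name $ZoneName -Type A -Server LON-DC1 |
                  Where-Object QueryType -eq 'A' | Select-Object -ExpandProperty IPAddress
if ($internalAnswer -notcontains $InternalIP) {
    Write-Warning "Internal DNS does not return $InternalIP for $ZoneName"
}

# Check 2: external clients must reach the Web Application Proxy through the hosting partner's address.
# The public zone is outside this lab's control, so ask a public resolver; until that record has
# propagated, this is the check that makes the wizard's Verify button need several attempts.
$externalAnswer = Resolve-DnsName -Name $ZoneName -Type A -Server 1.1.1.1 -ErrorAction SilentlyContinue |
                  Where-Object QueryType -eq 'A' | Select-Object -ExpandProperty IPAddress
if ($externalAnswer -notcontains $ExternalIP) {
    Write-Warning "Public DNS does not yet return $ExternalIP for $ZoneName"
}
```

Run it in an elevated Windows PowerShell session on LON-DC1; the record creation is skipped for addresses that already exist, so it is safe to rerun after the GUI steps above.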
Task 2: Create an Office 365 administrator account
- On LON-CL1, in the Microsoft 365 Admin center, select Users, then select Active users.
- Select Add a user.
- In the Display name field, enter Admin.
- In the Username field, enter admin and verify that Adatumyyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, is selected as the Domain.
- Under Password, select Let me create the password, and enter the password you created in Module 1.
- Clear the Make this user change their password when they first sign in option.
- Under Roles, select Global administrator.
- Under Product licenses, enable the Create user without product license option, then select Add.
- Close the Admin user window.
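This account lives in the tenant's onmicrosoft.com domain, so it stays a cloud-managed account after the hostdomain.com domain is switched to federation in Task 3; that is what lets Azure AD Connect sign in with it even if AD FS is unavailable. The following is an added example, not part of the original lab, that performs Task 2 with the MSOnline module; the tenant name is a placeholder and the Module 1 password is read at the prompt rather than stored in the script.

```powershell
# Added example, not part of the original lab: Task 2 with the MSOnline module from LON-CL1.
# 'Company Administrator' is the MSOnline role name that the admin center shows as Global administrator.
Import-Module MSOnline
Connect-MsolService                                  # sign in with the tenant admin from Module 1

$Tenant = 'Adatumyyxxxxx.onmicrosoft.com'            # replace yyxxxxx with your unique Adatum number
$Upn    = "admin@$Tenant"
$Pw     = Read-Host -Prompt 'Password created in Module 1'   # New-MsolUser -Password takes a plain string

if (-not (Get-MsolUser -UserPrincipalName $Upn -ErrorAction SilentlyContinue)) {
    # No -LicenseAssignment: equivalent to "Create user without product license".
    # -ForceChangePassword $false clears "change their password when they first sign in".
    New-MsolUser -UserPrincipalName $Upn -DisplayName 'Admin' -Password $Pw -ForceChangePassword $false | Out-Null
}

Add-MsolRoleMember -RoleName 'Company Administrator' -RoleMemberEmailAddress $Upn

# Verify: the account exists as a cloud (non-synced) object and holds the role.
$roleId = (Get-MsolRole -RoleName 'Company Administrator').ObjectId
Get-MsolUser -UserPrincipalName $Upn | Select-Object UserPrincipalName, ImmutableId, IsLicensed
Get-MsolRoleMember -RoleObjectId $roleId | Where-Object EmailAddress -eq $Upn |
    Select-Object EmailAddress, RoleMemberType
```

An empty ImmutableId confirms the account is cloud-only and not a synchronized on-premises identity, which is the property that keeps it usable during the federation cutover.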
Task 3: Configure and verify Azure AD Connect federation with AD FS
- Switch to LON-DS1.
- On the Desktop, double-click Azure AD connect.
- Select Configure.
- Select Change user sign-in and select Next.
- Sign in as [email protected], replacing yyxxxxx with your unique Adatum number, with the password created in Module 1.
- Select Federation with AD FS, then select Next.
- On the Domain Administrator credentials page, enter the USERNAME ADATUM\Administrator and PASSWORD Pa55w.rd, then select Next.
- Select Use a certificate installed on the federation servers and select Browse.
- In the Search box enter LON-DS1 and select the Search icon.
- Select LON-DS1.Adatum.com, then select OK.
- In the CERTIFICATE FILE drop-down, select the certificate provided by the lab provider.
- In the SUBJECT NAME drop-down, select the subject name that matches the certificate.
- In the SUBJECT NAME PREFIX box enter Adatumyyxxxxx, replacing yyxxxxx with your unique Adatum number, and select Next.
- On the AD FS servers page select Browse.
- In the Search box type LON-DS1 and select the Search icon.
- Select LON-DS1 then select OK.
- After the connection has been verified, select Next.
- On the Web Application Proxy servers page, select Browse.
- In the Search box type LON-WAP1 and select the Search icon.
- Select LON-WAP1, select OK, then select Next.
- On the AD FS service account page, select Create a group Managed Service Account, enter the following ENTERPRISE ADMIN USERNAME credentials, then select Next:
  - User name: ADATUM\Administrator
  - Password: Pa55w.rd
- On the Azure AD Domain page, in the drop-down select Adatumyyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number, and select Next.
- On the Ready to configure page, select Configure.
- On the Verify federation configuration page, select I have created DNS A records that allow clients to resolve my federation service.
- Select Verify.
The wizard verifies that the federation service name resolves in both internal and external DNS. You may need to select Verify several times before the external DNS check succeeds.
- Select Exit.
Result: After completing this exercise, you should have deployed the AD FS server in a federation server farm, and deployed the Web Application Proxy server to support AD FS.
Exercise 2: Verifying single sign-on (SSO)
Task 1: Verify SSO for internal users
- Switch to LON-CL3.
- On LON-CL3, open Microsoft Edge, and then connect to https://portal.office.com.
- Type [email protected], replacing yyxxxxx with your unique Adatum number, as the user name, and then press Tab.
- Verify that you are redirected to the Adatum sign-in page.
- Type Pa55w.rd as the password, and then press Enter.
- Verify that you are connected to Office 365.
- Close Microsoft Edge.
Task 2: Verify SSO for external users
- On your local computer, open a Web browser (use an InPrivate browsing window, if possible).
- In the Address bar, type https://portal.office.com, and then press Enter.
- Type [email protected], replacing yyxxxxx with your unique Adatum number, as the user name, and then press Tab.
- Verify that you are redirected to the Adatum sign-in page.
- Type Pa55w.rd as the password, and then press Enter.
- Review the Office 365 page for Grover Chambliss, and then close the Web browser window.
Result: After completing this exercise, you should have verified SSO authentication to Office 365 for a user on your corporate network and for a user on your host computer that is connected to the Internet.
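The redirect you see in both tasks above is home realm discovery: Azure AD looks up the user's domain, finds it marked Federated, and sends the browser to the AD FS URL recorded during Exercise 1, Task 3. The script below is an added example, not part of the original lab, that checks each link in that chain from LON-DS1: the AD FS service name and SSL certificate (ADFS module), the published federation metadata, the domain's federation settings in Azure AD (MSOnline module), and the realm answer Azure AD gives for a test user. The domain name and the test UPN are placeholders.

```powershell
# Added example, not part of the original lab: checks for the federation configured in Exercise 1,
# Task 3, run from LON-DS1. Explains the redirect observed in Exercise 2 and where it breaks.
Import-Module ADFS
Import-Module MSOnline

$FederatedDomain = 'Adatumyyxxxxx.hostdomain.com'   # replace yyxxxxx with your unique Adatum number
$TestUser        = "grover@$FederatedDomain"         # placeholder UPN for the Exercise 2 user

# 1. Federation service name: must equal the name the DNS records from Task 1 point at, otherwise
#    the browser lands on a host whose name and certificate do not match and SSO fails.
$fsName = (Get-AdfsProperties).HostName
if ($fsName -ne $FederatedDomain) {
    Write-Warning "AD FS answers as '$fsName' but DNS and Azure AD use '$FederatedDomain'"
}

# 2. SSL certificate bound by Azure AD Connect: its subject (or a SAN) must cover the service name.
Get-AdfsSslCertificate | Select-Object HostName, PortNumber, CertificateHash

# 3. Federation metadata over HTTPS: the document Azure AD consumed; entityID is the IssuerUri.
$metadataUri = "https://$fsName/FederationMetadata/2007-06/FederationMetadata.xml"
$metadata    = [xml](Invoke-WebRequest -UseBasicParsing -Uri $metadataUri).Content
$metadata.EntityDescriptor.entityID

# 4. Azure AD side: the domain must be Federated and its settings must point back at this farm.
Connect-MsolService
Get-MsolDomain -DomainName $FederatedDomain | Select-Object Name, Authentication
Get-MsolDomainFederationSettings -DomainName $FederatedDomain |
    Select-Object IssuerUri, PassiveLogOnUri, LogOffUri

# 5. Home realm discovery, the step behind the redirect in Exercise 2: Azure AD reports the
#    realm type for the user's domain and the AD FS URL the browser will be sent to.
$realmUri = "https://login.microsoftonline.com/getuserrealm.srf?login=$TestUser&xml=1"
$realm    = [xml](Invoke-WebRequest -UseBasicParsing -Uri $realmUri).Content
$realm.RealmInfo.NameSpaceType   # Federated once Task 3 has completed
$realm.RealmInfo.AuthURL         # the /adfs/ls/ endpoint on the federation service
```

If step 5 still reports Managed, the domain conversion in Task 3 did not complete; if it reports Federated but the AuthURL host differs from $fsName, the mismatch between the certificate subject name prefix and the DNS records is the first thing to recheck.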