You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: includes/active-directory-cloud-provisioning-sso.md
+9-16Lines changed: 9 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,30 +11,23 @@ ms.author: billmath
11
11
## Steps to enable Single Sign-on
12
12
Cloud provisioning works with Single Sign-on. Currently their is not an option to enable SSO when the agent is installed, however you can use the steps below to enable SSO and use it.
13
13
14
-
### Step 1: Import the Seamless SSO PowerShell module
14
+
### Step 1: Download and extract Azure AD Connect files
15
+
1. First, download the latest version of [Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594)
16
+
2. Open a command prompt using Administrative priviledges and navigate to the msi you just downloaded.
17
+
3. Run the following: `msiexec /a C:\filepath\AzureADConnect.msi /qb TARGETDIR=C:\filepath\extractfolder`
18
+
4. Change filepath and extractfolder to match your file path and the name of your extraction folder. The contents should now be in the extraction folder.
15
19
16
-
1. First, download, and install [Azure AD PowerShell](https://docs.microsoft.com/powershell/azure/active-directory/overview).
20
+
### Step 2: Import the Seamless SSO PowerShell module
21
+
22
+
1. Download, and install [Azure AD PowerShell](https://docs.microsoft.com/powershell/azure/active-directory/overview).
17
23
2. Browse to the `%programfiles%\Microsoft Azure Active Directory Connect` folder.
18
24
3. Import the Seamless SSO PowerShell module by using this command: `Import-Module .\AzureADSSO.psd1`.
19
25
20
-
### Step 2: Get the list of Active Directory forests on which Seamless SSO has been enabled
26
+
### Step 3: Get the list of Active Directory forests on which Seamless SSO has been enabled
21
27
22
28
1. Run PowerShell as an administrator. In PowerShell, call `New-AzureADSSOAuthenticationContext`. When prompted, enter your tenant's global administrator credentials.
23
29
2. Call `Get-AzureADSSOStatus`. This command provides you with the list of Active Directory forests (look at the "Domains" list) on which this feature has been enabled.
24
30
25
-
### Step 3: Disable Seamless SSO for each Active Directory forest where you've set up the feature
26
-
27
-
1. Call `$creds = Get-Credential`. When prompted, enter the domain administrator credentials for the intended Active Directory forest.
28
-
29
-
> [!NOTE]
30
-
>The domain administrator credentials username must be entered in the SAM account name format (contoso\johndoe or contoso.com\johndoe). We use the domain portion of the username to locate the Domain Controller of the Domain Administrator using DNS.
31
-
32
-
>[!NOTE]
33
-
>The domain administrator account used must not be a member of the Protected Users group. If so, the operation will fail.
34
-
35
-
2. Call `Disable-AzureADSSOForest -OnPremCredentials $creds`. This command removes the `AZUREADSSOACC` computer account from the on-premises domain controller for this specific Active Directory forest.
36
-
3. Repeat the preceding steps for each Active Directory forest where you’ve set up the feature.
37
-
38
31
### Step 4: Enable Seamless SSO for each Active Directory forest
39
32
40
33
1. Call `Enable-AzureADSSOForest`. When prompted, enter the domain administrator credentials for the intended Active Directory forest.
0 commit comments