Managing Federation Services– Enabling Single Sign-On (SSO)

Share this:

Configuring an existent domain in Microsoft Azure to support Single Sign-On (SSO)


At this point in the game we have already installed, configured and prepare the Federation Services and in this last episode of this implementation we will enable SSO (Single Sign-On).

The first step is logged on the Federation Server (ADFS), open the  Windows Azure Active Directory Module for PowerShell.

The first step is to connect to the Microsoft Azure, and we can do that by running the cmdlet below. After running that cmdlet an authentication box will be displayed, we need to fill that out with our dialog box with the Microsoft Azure credentials



Before performing any changes, we will list all the domains using cmdlet below. Domains listed as Managed do not have Single Sign-On (SSO) enabled.



In order to enable the SSO for our domain (in our Tutorial will be the domain we need to run the cmdlet below, and after converting it to Federated we will list the domains again to check if the changes take place.

Convert-MSOLDomainToFederated –DomainName <>



Testing the solution…

Logged on a computer in the domain, an user that has a mailbox in the Office365, can go to, the next step is to click on Sign in located in the right upper corner. In the new page, type in the e-mail address and click on Sign in.


If everything goes well a redirecting information will be displayed during the process, and the user will redirected automatically to the Office365 portal without being asked for password which means that our Federation Server is working properly.



In this Tutorial we converted an existent domain to support Single Sign-On and tested the results on a client domain-joined machine.

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at, and (Portuguese).