Install Windows PowerShell for single sign-on with AD FS

Updated: June 25, 2015

Applies To: Azure, Office 365, Power BI, Windows Intune

Note

This topic might not be completely applicable to users of Microsoft Azure in China. For more information about Azure service in China, see windowsazure.cn.

After you have deployed Active Directory Federation Services, the next step to set up single sign-on is to download and install the Microsoft Azure Active Directory Module for Windows PowerShell. Once installed, you will use these cmdlets to configure your Azure AD domains as federated domains.

For more information about deploying AD FS for SSO, see Checklist: Use AD FS to implement and manage single sign-on.

Download and install Windows PowerShell for single sign-on with AD FS

The Microsoft Azure Active Directory Module for Windows PowerShell is a download for managing your organizations data in Azure AD. This module installs a set of cmdlets to Windows PowerShell; you run those cmdlets to set up single sign-on access to Azure AD and in turn to all of the cloud services you are subscribed to.

For instructions about how to download and install the cmdlets, see Azure AD PowerShell

Before you set up single sign-on in your full production environment, you can also run a single sign-on pilot. See the section below for more details.

Run a pilot to test single sign-on before setting it up (optional)

Before adding or converting a domain as a single sign-on domain, you may want to run a pilot. Performing a staged rollout of single sign-on is not currently possible; all users become federated at the same time. However, you can pilot single sign-on with a set of production users from your production Active Directory forest.

Pilot users should thoroughly test various sign-in scenarios to ensure that single sign-on (and the AD FS deployment) is correctly configured and ready to be rolled out across the entire organization. To test this, have users access the cloud service from browsers as well as rich client applications (such as Microsoft Office 2010) in the following environments:

  • From a domain-joined computer

  • From a non-domain-joined computer inside the corporate network

  • From a roaming domain-joined computer outside the corporate network

  • From the different operating systems that you use in your company

  • From a home computer

  • From an Internet kiosk (browser only)

  • From a smart phone (for example, a smart phone that uses Microsoft Exchange ActiveSync)

For more information, see How to pilot single sign-on in a production user forest.

Next step

Now that you have installed Windows PowerShell for single sign-on with AD FS, the next step is to Set up a trust between AD FS and Azure AD.

See Also

Concepts

Checklist: Use AD FS to implement and manage single sign-on
Single sign-on roadmap