Richard Smith

asked on
Password Hash sync to ADFS

Hi,

I currently use password hash sync and am just starting to look at moving to ADFS.
I will set up 2 ADFS servers + 2 WAP servers.

My current domain is company.com; some users have a UPN in company.com, but we have 6 brands within the group, and the users in these brands log in with the UPNs company2.co.uk, firmb.net, company3.xyz.

My question is, will I need a different SSL cert for each of the domains on the ADFS servers, or just the company.com domain?

Thanks,
Rajkumar Duraisamy

Just the company name is fine to set up ADFS, and then you can enable the switch to support multiple domains.
The SSL cert is for the web server; if you are going to use a single endpoint for all those domains, you need just that one name added on the cert.

Any particular reason for choosing AD FS instead of PTA/SSO though? You can get a similar experience with a much smaller on-premises footprint.
Note: ADFS can be installed on a member server. The OS version needs to be Windows Server 2008 R2 and above.
ADFS and Azure AD Sync (DirSync) cannot be installed on the same server.

We would need an additional public IP address for the ADFS server and a public A record adfs.domain.com.
A firewall NAT rule will need to be configured for this public IP address allowing 443 requests from external clients to the ADFS server.
We will need a new third-party certificate for migration and ADFS.

Note: The certificate will include the following urls:

      DNS Name=mail.domain.com
      DNS Name=autodiscover.domain.com
      DNS Name=adfs.domain.com
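An added check that follows the reply's two points (one federation service name on the cert; each UPN suffix federated with the multiple-domain switch). This is example code, not from the thread or from Microsoft; it assumes it runs on an ADFS server with the ADFS and MSOnline modules loaded and an existing Connect-MsolService session, and the suffix list is a placeholder taken from the question.

```powershell
# Added example: report whether the ADFS SSL cert covers the federation service
# name, and which UPN suffixes still need federating. Read-only unless -Apply.
param(
    [string[]]$UpnSuffixes = @('company.com', 'company2.co.uk', 'firmb.net', 'company3.xyz'),
    [switch]$Apply   # without -Apply nothing is changed
)

Import-Module ADFS
Import-Module MSOnline

# 1. Only the federation service host name has to be on the SSL certificate.
$fsName  = (Get-AdfsProperties).HostName
$binding = Get-AdfsSslCertificate |
    Where-Object { $_.HostName -eq $fsName -and $_.PortNumber -eq 443 }
if (-not $binding) { throw "No port 443 SSL binding found for $fsName" }

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $binding.CertificateHash }
$sans = $cert.DnsNameList | ForEach-Object { $_.Unicode }

# Exact SAN match, or a wildcard SAN for the same parent domain.
$covered = $sans | Where-Object { $_ -eq $fsName -or ($_.StartsWith('*.') -and $fsName -like $_) }
if ($covered) { "SSL cert covers $fsName (SANs: $($sans -join ', '))" }
else          { Write-Warning "SSL cert does NOT cover $fsName; SANs present: $($sans -join ', ')" }

# 2. The brand UPN suffixes are not cert names; each verified domain is federated
#    to the same service with -SupportMultipleDomain (the 'switch' in the reply).
$domains = Get-MsolDomain
foreach ($suffix in $UpnSuffixes) {
    $d = $domains | Where-Object { $_.Name -eq $suffix }
    if (-not $d) { Write-Warning "$suffix is not a verified domain in the tenant"; continue }
    if ($d.Authentication -eq 'Federated') { "$suffix already federated"; continue }
    if ($Apply) {
        # If the first domain was federated earlier without the switch, fix it with
        # Update-MsolFederatedDomain -DomainName <name> -SupportMultipleDomain first.
        Convert-MsolDomainToFederated -DomainName $suffix -SupportMultipleDomain
        "$suffix converted to federated"
    } else {
        "$suffix is Managed; rerun with -Apply to federate it against $fsName"
    }
}
```

Run it once without -Apply to confirm the cert and domain state before the cutover from password hash sync.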