Simple, you would think, but getting SSO working through Windows Azure Active Directory takes a few more steps than you might first expect.

Next you need to install Active Directory Federation Services (AD FS).  You do this through Server Manager->Roles on your WSE box.  Then go to the flag in Server Manager and select the post-deployment details.  Follow the wizard, creating a new managed service user and creating the KDS root key as instructed.

Install the Windows Azure Active Directory Module.  You will also need the Microsoft Online Services Sign-In Assistant for IT Professionals BETA module.  Install .NET 3.5 through Roles and Features.

In my case I had an already confirmed domain but I needed to convert this to Federated for SSO.  Use Connect-MsolService with the organizational account for your domain and then run Convert-MsolDomainToFederated -DomainName "domain.tld"

In Windows Azure you should confirm that the domain name is now marked as verified and is configured for SSO. 

Log off and log back on again – actually I did a restart to install updates.

Then download DirSync and install it on your local WSE.


After running it, everything should be in sync.  If you change the identities used for the sync then you'll need to run the tool again.
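
The domain conversion and the follow-up check described above can be scripted so the result is verified from PowerShell rather than only in the portal. This is an added example, not code from the original post; it assumes an elevated session on the AD FS server with the MSOnline module installed, and it goes one step further than the post by comparing the federation settings held by AD FS with those held by the online service.

```powershell
#Requires -Modules MSOnline
# Added example (not from the original post). Assumes it runs on the AD FS server.
param(
    [Parameter(Mandatory)] [string] $DomainName   # e.g. "domain.tld" (placeholder)
)
$ErrorActionPreference = 'Stop'

# Sign in with the organizational account for the domain (prompts for credentials).
Connect-MsolService

# Pre-check: only a verified domain that is still managed should be converted.
$before = Get-MsolDomain -DomainName $DomainName
if ($before.Status -ne 'Verified') {
    throw "$DomainName has status '$($before.Status)'; verify it before federating."
}
if ($before.Authentication -eq 'Federated') {
    Write-Host "$DomainName is already federated; skipping conversion."
} else {
    Convert-MsolDomainToFederated -DomainName $DomainName
}

# Post-check 1: the service must now report the domain as Federated.
$after = Get-MsolDomain -DomainName $DomainName
if ($after.Authentication -ne 'Federated') {
    throw "$DomainName still reports Authentication = '$($after.Authentication)'."
}

# Post-check 2: Get-MsolFederationProperty returns one record from the local
# AD FS server and one from the online service. If they disagree, sign-in
# tokens issued by AD FS will not be accepted for this domain.
$props = @(Get-MsolFederationProperty -DomainName $DomainName)
$checks = @{
    FederationServiceIdentifier = { $_.FederationServiceIdentifier }
    PassiveClientSignInUrl      = { $_.PassiveClientSignInUrl }
    TokenSigningThumbprint      = { $_.TokenSigningCertificate.Thumbprint }
}
$mismatch = foreach ($name in $checks.Keys) {
    $values = @($props | ForEach-Object $checks[$name] | Sort-Object -Unique)
    if ($values.Count -ne 1) { $name }
}
if ($mismatch) {
    $props | Format-List Source, FederationServiceIdentifier, PassiveClientSignInUrl
    throw "AD FS and the online service disagree on: $($mismatch -join ', ')"
}
Write-Host "$DomainName is verified, federated, and consistent with AD FS."
```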

