Microsoft SharePoint Online authentication setup

The following instructions do not apply when you configure Microsoft SharePoint Online using Modern Authentication. For Kerberos constrained delegation (KCD), which allows for single sign-on credential-less access to network resources from devices, only Active Directory Federation Service (ADFS) authentication to Microsoft SharePoint Online is supported.

Configure delegation using the BEMS service account (for example, BEMSAdmin). When adding Kerberos delegation constraints for Docs service users, add the ADFS server HTTP service. Do not add Microsoft SharePoint Online servers for delegation here.

For non-KCD configurations, where users enter their credentials on the device, both DirSync with Password Hash and ADFS authentication mechanisms to Microsoft SharePoint Online are supported. No extra authentication-related steps are required to use this configuration.

ADFS version and location

Refer to the version of Microsoft Windows that is installed in your environment to verify which version of ADFS is required. The ADFS server is automatically identified by the Docs service based on the Microsoft SharePoint Online location and does not need to be specified.

ADFS HTTPS certificate

If your ADFS server uses a self-signed certificate for HTTPS communication, the certificate must be added as a trusted CA on the computer hosting BEMS.

To add the certificate, navigate to the Microsoft IIS Manager on the computer hosting ADFS, then go to Server Certificates and export the certificate to a file. On the computer hosting BEMS, import this certificate into the trusted CA list.

Once you deploy Microsoft SharePoint Online, you’re ready to configure the Docs service for your Microsoft SharePoint Online users.
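
The delegation guidance above (add the ADFS server HTTP service, do not add Microsoft SharePoint Online servers) can be checked after configuration with the following added example, which is not part of the vendor documentation. It assumes the RSAT ActiveDirectory PowerShell module is installed; `adfs.example.com` is a placeholder host name, and matching SharePoint Online by the `*.sharepoint.com` suffix is an assumption of this example.

```powershell
# Added example (not vendor code): audit the constrained-delegation list
# of the BEMS service account against the guidance on this page.
Import-Module ActiveDirectory

$ServiceAccount = 'BEMSAdmin'          # example account name used on this page
$AdfsHost       = 'adfs.example.com'   # placeholder: FQDN of your ADFS server
$AdfsShort      = ($AdfsHost -split '\.')[0]

$account = Get-ADUser -Identity $ServiceAccount `
    -Properties 'msDS-AllowedToDelegateTo', TrustedForDelegation

# Delegation targets are stored as SPNs of the form service/host[:port].
# Where-Object drops the single $null produced when the attribute is empty.
$spns = @($account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

$findings = foreach ($spn in $spns) {
    $service, $rest = $spn -split '/', 2
    $targetHost = ($rest -split '[:/]')[0]

    $status = if ($service -ieq 'HTTP' -and $targetHost -in @($AdfsHost, $AdfsShort)) {
        'Expected: ADFS HTTP service'
    } elseif ($targetHost -like '*.sharepoint.com') {
        'Remove: SharePoint Online server listed as a delegation target'
    } else {
        'Review: not the ADFS HTTP service'
    }

    [pscustomobject]@{
        SPN        = $spn
        Service    = $service
        TargetHost = $targetHost
        Status     = $status
    }
}

# Hygiene check added by this example: the account should carry constrained
# delegation only, not unconstrained delegation.
if ($account.TrustedForDelegation) {
    Write-Warning "$ServiceAccount is trusted for unconstrained delegation."
}
if (-not ($findings | Where-Object Status -like 'Expected*')) {
    Write-Warning "No HTTP SPN for $AdfsHost found in the delegation list of $ServiceAccount."
}

$findings | Format-Table -AutoSize
```

Entries marked Review are not necessarily wrong, since the same service account may hold delegation constraints for other services; they are listed so that each one can be confirmed as intended.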