
Microsoft SharePoint Online authentication setup

The following instructions do not apply when you configure Microsoft SharePoint Online using Modern Authentication. For Kerberos constrained delegation (KCD), which allows for single sign-on credential-less access to network resources from devices, only Active Directory Federation Service (ADFS) authentication to Microsoft SharePoint Online is supported.

Configure delegation using the BEMS service account (for example, BEMSAdmin). When adding Kerberos delegation constraints for Docs service users, add the ADFS server HTTP service. Do not add Microsoft SharePoint Online servers for delegation here.

For non-KCD configurations, where users enter their credentials on the device, both DirSync with Password Hash and ADFS authentication mechanisms to Microsoft SharePoint Online are supported. No extra authentication-related steps are required to use this configuration.

ADFS | Description
ADFS version and location | Refers to the version of Microsoft Windows that is installed in your environment to verify which version of ADFS is required. The ADFS server is automatically identified by the Docs service based on the Microsoft SharePoint Online location and does not need to be specified.
ADFS HTTPS certificate | If your ADFS server uses a self-signed certificate for HTTPS communication, the certificate must be added as a trusted CA on the computer hosting BEMS. To add the certificate, navigate to the Microsoft IIS Manager on the computer hosting ADFS, then go to Server Certificates and export the certificate to a file. On the computer hosting BEMS, import this certificate into the trusted CA list.
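
The certificate import described above, as an added PowerShell example that is not part of the original documentation or of BlackBerry tooling: it checks the exported file against a thumbprint read on the ADFS host before trusting it machine-wide. The function name `Import-AdfsTrustAnchor`, its parameters and the sample path are assumptions.

```powershell
# Added example: hypothetical helper, not part of BEMS or ADFS tooling.
# Run in an elevated PowerShell 5.0+ session on the computer hosting BEMS.
function Import-AdfsTrustAnchor {
    param(
        # .cer file exported from Server Certificates on the ADFS host
        [Parameter(Mandatory)] [string] $CertPath,
        # Thumbprint read from the certificate on the ADFS host itself,
        # obtained separately from the file transfer
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    $full = (Resolve-Path $CertPath).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)

    # Normalize the expected value: drop spaces/colons, compare in upper case.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected."
    }

    # Only a self-signed certificate belongs in the root store. A CA-issued
    # certificate should be trusted through its issuing CA instead.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Certificate is not self-signed (issuer: $($cert.Issuer))."
    }

    # Refuse certificates outside their validity period.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Skip the import if this exact certificate is already a trusted root.
    if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
        return "Already trusted: $($cert.Subject)"
    }

    Import-Certificate -FilePath $full -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    return "Imported $($cert.Subject), expires $($cert.NotAfter)"
}

# Constructed sample invocation; replace both values with your own.
# Import-AdfsTrustAnchor -CertPath 'C:\Temp\adfs-https.cer' -ExpectedThumbprint '<thumbprint from ADFS host>'
```

Because a root-store entry is trusted for every TLS connection the BEMS host makes, record the certificate's expiry date and remove the entry when the ADFS certificate is replaced.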

Once you deploy Microsoft SharePoint Online, you’re ready to configure the Docs service for your Microsoft SharePoint Online users.