Enabling Directory Synchronization in Office 365

  1. Log in to the Office 365 Identity Federation Setup page as the tenant administrator. We recommend that you complete the ten steps described on that page to achieve SSO.

  2. Review and prepare for SSO as described in step 1 of the Identity Federation Setup page.

  3. Skip step 2 to integrate without AD FS.

    NOTE: In this integration, you do not need to deploy AD FS. Advanced Authentication replaces AD FS and acts as the Security Token Service (STS) for SSO. Make a note of the UPN requirements for SSO.

  4. Do not install the Windows Azure Active Directory Federation Services 2.0 as described in step 3. Instead, install the Microsoft Online Services Sign-in Assistant on a computer joined to your AD domain. Then open PowerShell and run the following command to install the Microsoft Azure Active Directory Module for Windows PowerShell:

    Install-Module MSOnline

    For more information about Office 365 PowerShell, see Connect to Office 365 PowerShell.

  5. Review the prerequisites for Active Directory synchronization and activate Active Directory synchronization for your domain as described in steps 5 and 6.

  6. Install and configure the Directory Sync tool on the same server where you have installed the Microsoft Azure Active Directory Module for Windows PowerShell.

  7. Launch Azure Active Directory Connect.

  8. In the Express settings page, click Custom Settings.

  9. In the User sign-in page, select Do not configure as the sign-on method.

  10. In the Identifying Users page, select objectGUID from Source Anchor.

  11. Verify Active Directory synchronization, and activate Office 365 licensing for users who are synchronized but not yet licensed.
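
The following script is an added example, not part of the original procedure or the vendor's tooling. It shows one way to carry out the verification in step 11 with the MSOnline module installed in step 4, and it also checks that each user's ImmutableId matches the Base64-encoded AD objectGUID chosen as source anchor in step 10. Assumptions: the ActiveDirectory (RSAT) module is available on the same computer, and `$SkuId` and `$UsageLocation` are placeholders that you replace with your own values.

```powershell
# Added example. The three settings below are placeholders/assumptions.
$SkuId          = '<tenant>:<sku>'  # placeholder; list real values with Get-MsolAccountSku
$UsageLocation  = '<CC>'            # placeholder two-letter country code
$AssignLicenses = $false            # report only; set to $true to assign licenses

Import-Module MSOnline
Import-Module ActiveDirectory       # assumption: RSAT AD module is installed
Connect-MsolService                 # prompts for the tenant administrator credentials

# 1. Confirm that synchronization is activated and has actually run.
$company = Get-MsolCompanyInformation
if (-not $company.DirectorySynchronizationEnabled) {
    throw 'Directory synchronization is not activated for this tenant.'
}
"Last directory sync: $($company.LastDirSyncTime)"

# 2. Find users that were synchronized from AD but have no license yet.
$pending = Get-MsolUser -All -Synchronized -UnlicensedUsersOnly

foreach ($user in $pending) {
    $upn = $user.UserPrincipalName

    # 3. Look up the on-premises account (single quotes escaped for the AD filter).
    $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$($upn.Replace("'", "''"))'"
    if (-not $adUser) {
        Write-Warning "$upn has no matching AD account; not licensing."
        continue
    }

    # 4. With objectGUID as source anchor, ImmutableId is the Base64 of that GUID.
    #    A mismatch means the STS would assert an identifier Office 365 cannot map.
    $expected = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())
    if ($user.ImmutableId -ne $expected) {
        Write-Warning "$upn ImmutableId does not match objectGUID; not licensing."
        continue
    }

    # 5. A usage location must be set before a license can be assigned.
    if ($AssignLicenses) {
        Set-MsolUser        -UserPrincipalName $upn -UsageLocation $UsageLocation
        Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $SkuId
    }
    "{0}: source anchor OK, licensed={1}" -f $upn, $AssignLicenses
}
```

Run it once with `$AssignLicenses = $false` to review the warnings before assigning any licenses.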