federate multiple Azure AD top level domains with single ADFS

testuser7 206 Reputation points
2023-01-06T15:42:37.103+00:00

Hello,

When I configure ADFS while installing Azure-AD Connect, my understanding is I am installing ADFS server in only one domain out of all the domains that I am synching to Azure-AD

This single ADFS server will be capable to federate all my top-level AAD verified domains.
So for eg., if my AAD has 2 domains i.e., constoso.com and fabrikam.com, then AAD can redirect users in both domains to the same ADFS server.
ADFS server can talk to both on-prem directories i.e., constoso.com and fabrikam.com to complete authentication and send the SAML token back to AAD

Am I correct in my understanding ?

Thanks.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,620 questions
Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
952 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Nicolas Roche 401 Reputation points
    2023-01-06T18:53:28.823+00:00

    Hello,

    If i understand your question, yes it's that.
    We federate 9 domain in my company.

    Best regards
    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    No comments

  2. testuser7 206 Reputation points
    2023-01-06T18:59:36.653+00:00

    Thanks @Nicolas Roche

    So you federate 9 top-level domains (not sub-domains) through one single ADFS server .

    So obviously these 9 AD domains must be in their individual separate AD forests and one forest will have this ADFS server.
    I believe there must be forest level trust.

    Thanks.