federate multiple Azure AD top level domains with single ADFS

testuser7 271 Reputation points
2023-01-06T15:42:37.103+00:00

Hello,

When I configure ADFS while installing Azure AD Connect, my understanding is that I am installing the ADFS server in only one domain out of all the domains that I am syncing to Azure AD.

This single ADFS server will be capable of federating all my top-level AAD verified domains.
So, for example, if my AAD has two domains, i.e., contoso.com and fabrikam.com, then AAD can redirect users in both domains to the same ADFS server.
The ADFS server can talk to both on-prem directories, i.e., contoso.com and fabrikam.com, to complete authentication and send the SAML token back to AAD.

Am I correct in my understanding?

Thanks.
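An added verification script (not part of the question or any answer) for the setup described above: it lists every federated verified domain in the tenant and checks that they all point at the same ADFS endpoints while each keeps its own IssuerUri. It assumes the MSOnline PowerShell module is installed and that Connect-MsolService has already been run with a tenant admin account.

```powershell
# Added example: audit the federation settings of all verified domains.
# Expected picture for "many domains, one ADFS": identical logon endpoints and
# one token-signing certificate across domains, but a distinct IssuerUri per
# domain (Azure AD requires the issuer to be unique for each federated domain).
# Assumes: MSOnline module, Connect-MsolService already done.

$federated = Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' }

$settings = foreach ($d in $federated) {
    $fs = Get-MsolDomainFederationSettings -DomainName $d.Name
    # SigningCertificate is the base64 DER of the ADFS token-signing cert.
    $certBytes = [Convert]::FromBase64String($fs.SigningCertificate)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certBytes)
    [pscustomobject]@{
        Domain       = $d.Name
        IssuerUri    = $fs.IssuerUri
        PassiveLogOn = $fs.PassiveLogOnUri
        ActiveLogOn  = $fs.ActiveLogOnUri
        SigningThumb = $cert.Thumbprint
    }
}

$settings | Format-Table -AutoSize

# Check 1: every federated domain should use the same ADFS logon endpoints.
$endpoints = $settings | Select-Object PassiveLogOn, ActiveLogOn -Unique
if (@($endpoints).Count -gt 1) {
    Write-Warning 'Federated domains point at more than one ADFS endpoint set:'
    $endpoints | Format-Table -AutoSize
}

# Check 2: IssuerUri must differ per domain; a duplicate is a misconfiguration.
$dupIssuers = $settings | Group-Object IssuerUri | Where-Object { $_.Count -gt 1 }
foreach ($g in $dupIssuers) {
    Write-Warning "IssuerUri '$($g.Name)' is shared by: $($g.Group.Domain -join ', ')"
}

# Check 3: a second signing certificate means one domain trusts a different
# token signer than the rest, which deserves a closer look.
$signers = $settings | Group-Object SigningThumb
if (@($signers).Count -gt 1) {
    Write-Warning 'More than one token-signing certificate is trusted across the federated domains.'
}
```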


2 answers

  1. Nicolas Roche 411 Reputation points
    2023-01-06T18:53:28.823+00:00

    Hello,

    If I understand your question, yes, that's it.
    We federate 9 domains in my company.

    Best regards
    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


  2. testuser7 271 Reputation points
    2023-01-06T18:59:36.653+00:00

    Thanks @Nicolas Roche

    So you federate 9 top-level domains (not sub-domains) through one single ADFS server.

    So obviously these 9 AD domains must be in their own separate AD forests, and one forest will have this ADFS server.
    I believe there must be a forest-level trust.

    Thanks.