federate multiple Azure AD top level domains with single ADFS

testuser7 276 Reputation points
2023-01-06T15:42:37.103+00:00

Hello,

When I configure ADFS while installing Azure-AD Connect, my understanding is that I am installing an ADFS server in only one domain out of all the domains that I am syncing to Azure-AD.

This single ADFS server will be capable of federating all my top-level AAD verified domains.
So, for example, if my AAD has 2 domains, i.e., contoso.com and fabrikam.com, then AAD can redirect users in both domains to the same ADFS server.
The ADFS server can talk to both on-premises directories, i.e., contoso.com and fabrikam.com, to complete authentication and send the SAML token back to AAD.

Am I correct in my understanding?

Thanks.


2 answers

  1. Nicolas Roche 411 Reputation points
    2023-01-06T18:53:28.823+00:00

    Hello,

    If I understand your question, yes, that's it.
    We federate 9 domains in my company.

    Best regards
    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

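To make the setup the two posters describe concrete, here is an added example (not from either poster) of federating a second verified Azure AD domain against the ADFS farm that already federates the first one, using the MSOnline module; `adfs.contoso.com`, `contoso.com` and `fabrikam.com` are assumed names.

```powershell
# Added example: federate fabrikam.com against the ADFS farm that already
# federates contoso.com. The server name adfs.contoso.com and both domain
# names are assumptions. Run on the primary ADFS server (or a host with the
# ADFS and MSOnline modules) as an Azure AD Global Administrator.
Import-Module MSOnline
Connect-MsolService

# Point the MSOnline federation cmdlets at the existing ADFS farm.
Set-MsolADFSContext -Computer "adfs.contoso.com"

# Convert the domain from managed to federated. -SupportMultipleDomain is
# what lets several top-level domains share one farm: each domain gets its
# own IssuerUri (http://<domain>/adfs/services/trust/) and ADFS gets an
# issuerid claim rule derived from the user's UPN suffix.
Convert-MsolDomainToFederated -DomainName "fabrikam.com" -SupportMultipleDomain

# If contoso.com was federated earlier WITHOUT -SupportMultipleDomain, update
# it so its IssuerUri no longer uses the farm-wide default (which the second
# domain would otherwise collide with).
Update-MsolFederatedDomain -DomainName "contoso.com" -SupportMultipleDomain

# Verify: each domain must show a distinct IssuerUri while sharing the same
# passive/active logon endpoints on the single farm.
foreach ($d in "contoso.com", "fabrikam.com") {
    Get-MsolDomainFederationSettings -DomainName $d |
        Select-Object @{n = 'Domain'; e = { $d }}, IssuerUri, PassiveLogOnUri, ActiveLogOnUri
}

# Inspect the issuance rules on the Azure AD relying party trust; the
# issuerid rule is how ADFS tells Azure AD which federated domain the
# token belongs to.
(Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform").IssuanceTransformRules

# Note: this only configures the Azure AD side. For ADFS to authenticate
# users from a second forest, that forest still needs to be reachable via a
# forest trust (as the thread discusses) or as a separate claims provider trust.
```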

  2. testuser7 276 Reputation points
    2023-01-06T18:59:36.653+00:00

    Thanks @Nicolas Roche

    So you federate 9 top-level domains (not sub-domains) through one single ADFS server.

    So obviously these 9 AD domains must be in their individual separate AD forests and one forest will have this ADFS server.
    I believe there must be forest level trust.

    Thanks.
