Azure AD Connect and federation
Azure Active Directory (Azure AD) Connect lets you configure federation with on-premises Active Directory Federation Services (AD FS) and Azure AD. With federation sign-in, you can enable users to sign in to Azure AD-based services with their on-premises passwords--and, while on the corporate network, without having to enter their passwords again. By using the federation option with AD FS, you can deploy a new installation of AD FS, or you can specify an existing installation in a Windows Server 2012 R2 farm.
This topic is the home for information on federation-related functionalities for Azure AD Connect. It lists links to all related topics. For links to Azure AD Connect, see Integrating your on-premises identities with Azure Active Directory.
Azure AD Connect: federation topics
| Topic | What it covers and when to read it |
|---|---|
| Azure AD Connect user sign-in options | |
| Understand user sign-in options | Learn about various user sign-in options and how they affect the Azure sign-in user experience. |
| Install AD FS by using Azure AD Connect | |
| Prerequisites | See the prerequisites for a successful AD FS installation via Azure AD Connect. |
| Configure an AD FS farm | Install a new AD FS farm by using Azure AD Connect. |
| Federate with Azure AD using alternate login ID | Configure federation using alternate login ID |
| Modify the AD FS configuration | |
| Repair the trust | Repair the current trust between on-premises AD FS and Microsoft 365/Azure. |
| Add a new AD FS server | Expand an AD FS farm with an additional AD FS server after initial installation. |
| Add a new AD FS WAP server | Expand an AD FS farm with an additional Web Application Proxy (WAP) server after initial installation. |
| Add a new federated domain | Add another domain to be federated with Azure AD. |
| Update the TLS/SSL certificate | Update the TLS/SSL certificate for an AD FS farm. |
| Renew federation certificates for Microsoft 365 and Azure AD | Renew your O365 certificate with Azure AD. |
| Other federation configuration | |
| Federate multiple instances of Azure AD with single instance of AD FS | Federate multiple Azure AD with single AD FS farm |
| Add a custom company logo/illustration | Modify the sign-in experience by specifying the custom logo that is shown on the AD FS sign-in page. |
| Add a sign-in description | Change the sign-in description on the AD FS sign-in page. |
| Modify AD FS claim rules | Modify or add claim rules in AD FS that correspond to Azure AD Connect sync configuration. |