Creating AD FS “Smart Links” for transparent SSO experience
Let’s say we have an Active Directory Federation Services customer who no longer wants his users to have to do the following to access O365:
- Go to portal.microsoftonline.com
- Type in their username
- Get redirected back to AD FS
- Type their username and password again
- Log into the service
What if we could just give a user a custom single link to use, where they would never even have to type in an O365 URL?
Well, we certainly can! These are called AD FS Smart Links, and we can configure them to help provide a better AD FS experience.
Ref: http://www.microsoft.com/en-us/download/details.aspx?id=28971 (6.4 – Smart Links)
Let’s create an example Outlook Web App seamless URL.
We’ll take our OWA Redirect URL:
We’ll replace the highlighted text with our AD FS service name (e.g. sts.contoso.com, the DNS object that points to the AD FS server).
Now, we’ll create a DNS CNAME object for our vanity domain.
Now when a user wants to log into OWA, all they have to do is:
- Browse to owa.contoso.com
- Internally, they will be logged in automatically. Externally, they’ll hit their own AD FS page, without worrying about O365 portal redirection. (The AD FS page can also be fully customized with their own corp branding.)
- The user never sees an O365 link until they hit their mailbox.
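The host replacement step described above can be scripted so the link is checked before it is published. This is an added example, not code from the original post: the function name, the `/adfs/ls/` path (the AD FS default passive endpoint, assumed here), the top-level `wreply` parameter and the sample URL are assumptions, and the sample URL is constructed rather than a real Office 365 redirect.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Assumption: AD FS answers WS-Federation passive sign-in on its default path.
ADFS_PASSIVE_PATH = "/adfs/ls/"

# Constructed sample input, not a real Office 365 URL.
CAPTURED_URL = (
    "https://login.example.net/login.srf?wa=wsignin1.0"
    "&wtrealm=urn%3Aexample%3Arealm"
    "&wreply=https%3A%2F%2Fmail.example.net%2Fowa%2F"
)


def build_smart_link(captured_url, adfs_host, allowed_reply_hosts):
    """Re-point a captured WS-Federation sign-in URL at the AD FS service name.

    Only scheme, host and path change; the query string is kept byte for byte.
    """
    parts = urlsplit(captured_url)
    if parts.scheme != "https":
        raise ValueError("captured URL must use https")

    params = parse_qs(parts.query)
    if params.get("wa") != ["wsignin1.0"]:
        raise ValueError("not a WS-Federation sign-in request (wa=wsignin1.0)")
    if "wtrealm" not in params:
        raise ValueError("missing wtrealm (relying party identifier)")

    # wreply decides where the browser lands after sign-in. Pin it to hosts
    # you expect, so a published link cannot send users somewhere else.
    for reply in params.get("wreply", []):
        reply_parts = urlsplit(reply)
        if reply_parts.scheme != "https":
            raise ValueError("wreply must use https: " + reply)
        if reply_parts.hostname not in allowed_reply_hosts:
            raise ValueError("unexpected wreply host: " + str(reply_parts.hostname))

    return urlunsplit(("https", adfs_host, ADFS_PASSIVE_PATH, parts.query, ""))


if __name__ == "__main__":
    print(build_smart_link(CAPTURED_URL, "sts.contoso.com", {"mail.example.net"}))
```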