Events
Apr 9, 3 PM - Apr 10, 12 PM
Code the Future with AI and connect with Java peers and experts at JDConf 2025.
Register NowMicrosoft Entra Connect and federation
Microsoft Entra Connect lets you configure federation with on-premises Active Directory Federation Services (AD FS) and Microsoft Entra ID. With federation sign-in, you can enable users to sign in to Microsoft Entra ID-based services with their on-premises passwords--and, while on the corporate network, without having to enter their passwords again. By using the federation option with AD FS, you can deploy a new installation of AD FS, or you can specify an existing installation in a Windows Server 2012 R2 farm.
This topic is the home for information on federation-related functionalities for Microsoft Entra Connect. It lists links to all related topics. For links to Microsoft Entra Connect, see Integrating your on-premises identities with Microsoft Entra ID.
| Topic | What it covers and when to read it |
|---|---|
| Microsoft Entra Connect user sign-in options | |
| Understand user sign-in options | Learn about various user sign-in options and how they affect the Azure sign-in user experience. |
| Install AD FS by using Microsoft Entra Connect | |
| Prerequisites | See the prerequisites for a successful AD FS installation via Microsoft Entra Connect. |
| Configure an AD FS farm | Install a new AD FS farm by using Microsoft Entra Connect. |
| Federate with Microsoft Entra ID using alternate login ID | Configure federation using alternate login ID |
| Modify the AD FS configuration | |
| Repair the trust | Repair the current trust between on-premises AD FS and Microsoft 365/Azure. |
| Add a new AD FS server | Expand an AD FS farm with an additional AD FS server after initial installation. |
| Add a new AD FS WAP server | Expand an AD FS farm with an additional Web Application Proxy (WAP) server after initial installation. |
| Add a new federated domain | Add another domain to be federated with Microsoft Entra ID. |
| Update the TLS/SSL certificate | Update the TLS/SSL certificate for an AD FS farm. |
| Renew federation certificates for Microsoft 365 and Microsoft Entra ID | Renew your O365 certificate with Microsoft Entra ID. |
| Other federation configuration | |
| Federate multiple instances of Microsoft Entra ID with single instance of AD FS | Federate multiple Microsoft Entra ID with single AD FS farm |
| Add a custom company logo/illustration | Modify the sign-in experience by specifying the custom logo that is shown on the AD FS sign-in page. |
| Add a sign-in description | Change the sign-in description on the AD FS sign-in page. |
| Modify AD FS claim rules | Modify or add claim rules in AD FS that correspond to Microsoft Entra Connect Sync configuration. |
Additional resources
Training
Module
Implement and manage hybrid identity - Training
Creating a hybrid-identity solution to use your on-premises active directory can be challenging. Explore how to implement a secure hybrid-identity solution.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.