Microsoft Entra Connect and federation

Microsoft Entra Connect lets you configure federation with on-premises Active Directory Federation Services (AD FS) and Microsoft Entra ID. With federation sign-in, you can enable users to sign in to Microsoft Entra ID-based services with their on-premises passwords--and, while on the corporate network, without having to enter their passwords again. By using the federation option with AD FS, you can deploy a new installation of AD FS, or you can specify an existing installation in a Windows Server 2012 R2 farm.

This topic is the home for information on federation-related functionalities for Microsoft Entra Connect. It lists links to all related topics. For links to Microsoft Entra Connect, see Integrating your on-premises identities with Microsoft Entra ID.

Microsoft Entra Connect: federation topics

Topic What it covers and when to read it
Microsoft Entra Connect user sign-in options
Understand user sign-in options Learn about various user sign-in options and how they affect the Azure sign-in user experience.
Install AD FS by using Microsoft Entra Connect
Prerequisites See the prerequisites for a successful AD FS installation via Microsoft Entra Connect.
Configure an AD FS farm Install a new AD FS farm by using Microsoft Entra Connect.
Federate with Microsoft Entra ID using alternate login ID Configure federation using alternate login ID
Modify the AD FS configuration
Repair the trust Repair the current trust between on-premises AD FS and Microsoft 365/Azure.
Add a new AD FS server Expand an AD FS farm with an additional AD FS server after initial installation.
Add a new AD FS WAP server Expand an AD FS farm with an additional Web Application Proxy (WAP) server after initial installation.
Add a new federated domain Add another domain to be federated with Microsoft Entra ID.
Update the TLS/SSL certificate Update the TLS/SSL certificate for an AD FS farm.
Renew federation certificates for Microsoft 365 and Microsoft Entra ID Renew your O365 certificate with Microsoft Entra ID.
Other federation configuration
Federate multiple instances of Microsoft Entra ID with single instance of AD FS Federate multiple Microsoft Entra ID with single AD FS farm
Add a custom company logo/illustration Modify the sign-in experience by specifying the custom logo that is shown on the AD FS sign-in page.
Add a sign-in description Change the sign-in description on the AD FS sign-in page.
Modify AD FS claim rules Modify or add claim rules in AD FS that correspond to Microsoft Entra Connect Sync configuration.

Additional resources