Improve Office 365 sign-in for Viva Engage with auto-acceleration policy

To improve the Office 365 sign-in experience for Viva Engage, use the Auto-acceleration policy to accelerate directly to the ADFS federated domain, bypassing the Office 365 sign-in page.

Prerequisites

  • You must be a global administrator in Office 365 to run the PowerShell commands.

  • Download and install the Azure Active Directory v2 PowerShell Module.

  • Open an administrative Azure AD PowerShell session and run the following commands:

    Important

    The Save-Module command downloads the module from the Internet. You need a working internet connection on the computer where you run these commands.

    Save-Module -Name AzureAD -Path <path>
    
    Install-Module -Name AzureAD
    

Enable policy

  1. Run the following commands:

    Connect to the tenant's Microsoft Entra ID. This command prompts you to sign in using admin credentials.

    connect-AzureAD [-tenantID | -tenantDomain] <tenant name>
    

    Screenshot showing an example sign-in using admin credentials.

  2. Check that no policy of the same name already exists.

    get-AzureADPolicy
    
  3. Create a new policy:

  • If you have a single federated domain that authenticates users for applications, set the home realm discovery (HRD) policy by running the following command:

    New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy

  • If you have multiple federated domains and have a preferred domain for your application against which users authenticate, set the policy by running the following command:

    New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true,`"PreferredDomain`":`"contoso.com`"}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy

  4. Note the object-id of the policy you created:

    get-AzureADPolicy
    

    Screenshot showing an example output of new policy.

  5. Note the ObjectId of the service principal for the Viva Engage application (redirect the output to a text file for easy searching). The AppDisplayName is "Office 365 Viva Engage", with an AppId of 00000005-0000-0ff1-ce00-000000000000.

    Get-AzureADServicePrincipal -All $true | fl > output.txt
    

    Screenshot of Command line for redirecting output to a text file.

    Screenshot of an example of output to a text file.

  6. Finally, add the policy for Viva Engage service:

    Add-AzureADServicePrincipalPolicy -ID <ObjectID of the Service Principal copied from #5> -RefObjectId <ObjectId of the Policy copied from #4>
    

    Screenshot of Command line for adding the policy for Viva Engage service.

List of commands in order

To enable the policy, you must run the following commands. Run them one line at a time and review the output after each command:

Connect-AzureAD -TenantDomain <Tenant-Name>
Get-AzureADPolicy
$PolicyId = New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName "BasicAutoAccelerationPolicyforViva Engage" -Type HomeRealmDiscoveryPolicy
Get-AzureADPolicy
$yamObjectId = Get-AzureADServicePrincipal -All $true | ?{$_.AppDisplayName -eq 'Office 365 Viva Engage'}
Add-AzureADServicePrincipalPolicy -Id $yamObjectId.ObjectId -RefObjectId $PolicyId.Id

Note: If you have multiple federated domains, adjust the third command appropriately.

Testing

In a new in-private browser session, sign in to Viva Engage with user credentials from the federated domain. Your sign-in workflow should skip the Microsoft Entra ID page and go straight to the ADFS sign-in page.
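
The assignment can also be confirmed from PowerShell before the browser test. The following is an added example, not part of the original page: it assumes an active Connect-AzureAD session and the service principal display name used in the command list, and it reports which home realm discovery policy is attached to Viva Engage and where else that policy is applied.

```powershell
# Added example (not from the original page). Assumes an active Connect-AzureAD
# session and the service principal display name used in the command list.
$sp = Get-AzureADServicePrincipal -All $true |
    Where-Object { $_.AppDisplayName -eq 'Office 365 Viva Engage' }
if (-not $sp) { throw 'Viva Engage service principal not found in this tenant.' }

# Policies attached to the service principal, limited to home realm discovery.
$hrd = @(Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Where-Object { $_.Type -eq 'HomeRealmDiscoveryPolicy' })
if ($hrd.Count -eq 0) {
    Write-Warning 'No HomeRealmDiscoveryPolicy is assigned; sign-in will not auto-accelerate.'
}

$report = foreach ($p in $hrd) {
    # Re-read the policy so its JSON definition is available, then parse it.
    $full = Get-AzureADPolicy -Id $p.Id
    $def  = ($full.Definition | Select-Object -First 1 |
        ConvertFrom-Json).HomeRealmDiscoveryPolicy

    # Every object the policy is attached to. Expect only the Viva Engage
    # service principal unless the policy was deliberately shared.
    $appliedTo = @(Get-AzureADPolicyAppliedObject -Id $full.Id).ObjectId

    [pscustomobject]@{
        PolicyId         = $full.Id
        DisplayName      = $full.DisplayName
        Accelerate       = $def.AccelerateToFederatedDomain
        PreferredDomain  = $def.PreferredDomain   # empty for the single-domain form
        OrgDefault       = $full.IsOrganizationDefault   # true means tenant-wide
        AppliedToOthers  = @($appliedTo | Where-Object { $_ -ne $sp.ObjectId })
    }
}
$report | Format-List

# Rollback: uncomment to detach the policy and restore the default sign-in flow.
# $hrd | ForEach-Object {
#     Remove-AzureADServicePrincipalPolicy -Id $sp.ObjectId -PolicyId $_.Id
# }
```

A non-empty AppliedToOthers or OrgDefault set to True means the acceleration reaches more than Viva Engage and should be reviewed before relying on the policy.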

Scenarios

The following table summarizes the authorization flows for this policy.

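Login                         | Flow without policy                                    | Flow with policy
------------------------------|--------------------------------------------------------|-----------------------------
Viva Engage.com               | Email address > Microsoft Entra sign-in > ADFS sign-in | Email address > ADFS sign-in
Viva Engage.com/mycompany.com | Email address > Microsoft Entra sign-in > ADFS sign-in | Email address > ADFS sign-in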