Improve Office 365 sign-in for Viva Engage with auto-acceleration policy
To improve the Office 365 sign-in experience for Viva Engage, use the Auto-acceleration policy to accelerate directly to the ADFS federated domain, bypassing the Office 365 sign-in page.
Prerequisites
You must be a global administrator in Office 365 to run the PowerShell commands.
Download and install the Azure Active Directory v2 PowerShell Module.
Open an administrative Azure AD PowerShell session and run the following commands:
Important
The Save-Module command downloads the module from the Internet. You need a working internet connection on the computer where you run these commands.
Save-Module -Name AzureAD -Path <path>
Install-Module -Name AzureAD
Enable policy
Run the following commands:
1. Connect to the tenant's Microsoft Entra ID. This command prompts you to sign in using admin credentials.
Connect-AzureAD [-TenantId | -TenantDomain] <tenant name>
2. Check that no policy of the same name already exists.
Get-AzureADPolicy
3. Create a new policy:
If you have a single federated domain that authenticates users for applications, set the home realm discovery (HRD) policy by running the following command:
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`": {`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy
If you have multiple federated domains and have a preferred domain against which users of your application authenticate, set the policy by running the following command:
New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true,`"PreferredDomain`":`"contoso.com`"}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy
4. Note the ObjectId of the policy you created:
Get-AzureADPolicy
5. Note the ObjectId of the service principal for the Viva Engage application (redirect the output to a text file for easy searching). The AppDisplayName is "Office 365 Viva Engage", with an AppID of 00000005-0000-0ff1-ce00-000000000000.
Get-AzureADServicePrincipal -All $true | fl > output.txt
6. Finally, add the policy to the Viva Engage service principal:
Add-AzureADServicePrincipalPolicy -Id <ObjectID of the Service Principal copied from #5> -RefObjectId <ObjectId of the Policy copied from #4>
List of commands in order
To enable the policy, you must run the following commands. Run them one line at a time and review the output after each command:
Connect-AzureAD -TenantDomain <Tenant-Name>
Get-AzureADPolicy
$PolicyId = New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName "BasicAutoAccelerationPolicyforViva Engage" -Type HomeRealmDiscoveryPolicy
Get-AzureADPolicy
$yamObjectId = Get-AzureADServicePrincipal -All $true | ?{$_.AppDisplayName -eq 'Office 365 Viva Engage'}
Add-AzureADServicePrincipalPolicy -Id $yamObjectId.ObjectId -RefObjectId $PolicyId.Id
Note: If you have multiple federated domains, adjust the third command appropriately.
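An idempotent variant of the sequence above, as an added example that is not part of the original page: it builds the definition with ConvertTo-Json instead of hand-escaped quotes, reuses an existing policy of the same name, and stops if the service principal lookup is ambiguous or a different HRD policy is already assigned. It assumes an open Connect-AzureAD session and the policy and application names used on this page.

```powershell
# Added example, not from the original page. Assumes Connect-AzureAD has already run.
# $policyName and $appName are the names used on this page; adjust them for your tenant.
$policyName = 'BasicAutoAccelerationPolicy'
$appName    = 'Office 365 Viva Engage'

# Build the JSON definition from a hashtable so no backtick escaping is needed.
# For multiple federated domains, add PreferredDomain = 'contoso.com' to the inner table.
$definition = @{ HomeRealmDiscoveryPolicy = @{ AccelerateToFederatedDomain = $true } } |
    ConvertTo-Json -Compress

# Reuse an existing HRD policy with this name rather than creating a duplicate.
$policies = @(Get-AzureADPolicy | Where-Object {
    $_.Type -eq 'HomeRealmDiscoveryPolicy' -and $_.DisplayName -eq $policyName })
if ($policies.Count -gt 1) {
    throw "More than one HRD policy is named '$policyName'; resolve this before continuing."
}
if ($policies.Count -eq 0) {
    $policies = @(New-AzureADPolicy -Definition @($definition) `
        -DisplayName $policyName -Type HomeRealmDiscoveryPolicy)
}
$policy = $policies[0]

# Stop unless exactly one service principal matches, so the policy
# cannot be attached to the wrong application.
$sps = @(Get-AzureADServicePrincipal -All $true |
    Where-Object { $_.AppDisplayName -eq $appName })
if ($sps.Count -ne 1) {
    throw "Expected exactly one service principal named '$appName', found $($sps.Count)."
}
$sp = $sps[0]

# Inspect what is already assigned before changing anything.
$assigned = @(Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Where-Object { $_.Type -eq 'HomeRealmDiscoveryPolicy' })
if ($assigned.Id -contains $policy.Id) {
    Write-Output "Policy '$policyName' is already assigned to '$appName'."
} elseif ($assigned.Count -gt 0) {
    throw "A different HRD policy is already assigned: $($assigned.DisplayName -join ', ')"
} else {
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
}

# Show the resulting assignment for review.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Select-Object Id, DisplayName, Type, Definition
```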
Testing
In a new in-private browser session, sign in to Viva Engage with user credentials from the federated domain. Your sign-in workflow should skip the Microsoft Entra ID page and go straight to the ADFS sign-in page.
Scenarios
The following table summarizes the sign-in flows with and without this policy.
| Login | Flow without policy | Flow with policy |
|---|---|---|
| Viva Engage.com | Email address > Microsoft Entra sign-in > ADFS sign-in | Email address > ADFS sign-in |
| Viva Engage.com/mycompany.com | Email address > Microsoft Entra sign-in > ADFS sign-in | Email address > ADFS sign-in |