I had several ADFS and Single Sign On (SSO) questions from a large university in northern California proceeding with Office 365 for Education for faculty, staff and students.
What servers do I need to accommodate single sign on (SSO) aka Federated ID?
The following on premises servers are needed to accommodate SSO with Office 365:
- ADFS 2.0 Proxy Servers (2 minimum for redundancy)
- ADFS 2.0 servers (2 minimum for redundancy)
- DirSync Server
Do we require ADFS proxies or can I just deploy an ADFS internal server?
We require an ADFS proxy for Office 365 federation to function properly for things like Outlook SSO, etc.
Can I use TMG or UAG instead of an ADFS proxy server?
Yes, the documentation is being developed to support this as an option. There is some initial documentation here.
Is there an order they need to be installed?
Yes, configure ADFS and federated ID first and then Directory Sync Server. You would think it is the other way however things run better when ADFS is configured prior to Dirsync.
Do I need full blown SQL Server with ADFS?
No, it is recommended you use Windows Internal Database (WID) version with 50,000 objects or less. Anything beyond that number it is recommended to leverage the full blown SQL 2008 version.
What versions of SQL are supported?
WID, SQL 2005 and SQL 2008.
How many ADFS servers do I need for Federated ID?
Each ADFS server scale varies depending on load frequency such as will everyone be logging within a 15 minute interval or spread over an hour. This answer can range from 2 ADFS servers for 15,000 users with high load or many more users depending on your load frequency.
See the ADFS sizing calculator here to help narrow it down.
Can I enable geo-redundancy with ADFS?
Yes, it is possible to enable this with SQL mirroring/Replication to an alternate datacenter along with geoaware load balancers.
What happens if ADFS is unavailable?
ADFS is required to access Office 365 when using Federated ID (SSO). You want to ensure you have redundant ADFS proxies and ADFS servers to reduce any downtime to the cloud.
What type of hardware do I need for ADFS?
Federation Service Server
· Dual Quad Core 2.27GHz (8 cores)
· 16GB RAM
· Gigabit Network
Federation Service Proxy Server
· Quad Core 2.24GHz (4 cores)
· 4GB RAM
· Gigabit Network
Where can I get more information on deploying ADFS?