Preparing for domain federation
The first step you will need to do is convert your domain to federated.
Make sure you meet the below requirements before proceeding:
- All users of the domain for which you are enabling SSO must be synchronized to Forcepoint ONE SSE by deploying the Forcepoint ONE SSE AD agent. Converting a domain to federated will affect all users in the domain. Microsoft 365 SSO will only work for synchronized users and any non-synchronized users will not be able to authenticate.
- Make sure you have prepared for Microsoft 365 SSO by deploying the Microsoft Entra Connect to sync your users from AD to Microsoft 365.
- In order to proceed, you will need to import the MSOnline and AzureAD modules inside of PowerShell. Open up PowerShell as an administrator
and run the
Import-Module cmdlet(Import-Module -name <name of module>) for both MSOnline and Microsoft Entra ID.If either commands fail, visit the Microsoft PowerShell Gallery for more information.
Note:
To figure out if your domain is already federated, you can open PowerShell and run the following commands:
- Connect to your domain with:
Connect-msolservice - Get Domain information:
PS C****> Get-MsolDomain
These commands will list out all your domain names, their status, and authentication type (federated).