Preparing for domain federation

The first step is to convert your domain to federated.

Make sure you meet the requirements below before proceeding:

  • All users of the domain for which you are enabling SSO must be synchronized to Forcepoint ONE SSE by deploying the Forcepoint ONE SSE AD agent. Converting a domain to federated will affect all users in the domain. Microsoft 365 SSO will only work for synchronized users and any non-synchronized users will not be able to authenticate.
  • Make sure you have prepared for Microsoft 365 SSO by deploying Microsoft Entra Connect to sync your users from AD to Microsoft 365.
  • To proceed, you need to import the MSOnline and AzureAD modules in PowerShell. Open PowerShell as an administrator and run the Import-Module cmdlet (Import-Module -Name <name of module>) for both modules (MSOnline and AzureAD).

    If either command fails, visit the Microsoft PowerShell Gallery for more information.

Note:

To figure out if your domain is already federated, you can open PowerShell and run the following commands:

  • Connect to your domain with: Connect-MsolService
  • Get domain information: Get-MsolDomain

These commands list all your domain names, their status, and their authentication type (federated).
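
The checks above can be run as one pre-flight script before converting the domain. This is an added example, not Forcepoint or Microsoft code; the domain name contoso.example is a placeholder, and the script assumes that a user with an empty LastDirSyncTime has not been synchronized from AD by Microsoft Entra Connect (it does not check synchronization to Forcepoint ONE SSE).

```powershell
# Added example: pre-flight check before converting a domain to federated.
# Assumption: 'contoso.example' is a placeholder; replace it with your domain.
$ErrorActionPreference = 'Stop'
$TargetDomain = 'contoso.example'

# 1. Both modules must import cleanly; stop with a clear message if one is missing.
foreach ($module in 'MSOnline', 'AzureAD') {
    try {
        Import-Module -Name $module
    }
    catch {
        throw "Module '$module' failed to import. See the PowerShell Gallery."
    }
}

# 2. Sign in, then look up the target domain in the tenant's domain list.
Connect-MsolService
$domain = Get-MsolDomain | Where-Object { $_.Name -eq $TargetDomain }
if (-not $domain) {
    throw "Domain '$TargetDomain' was not found in this tenant."
}

# 3. List users in the domain that have never been synchronized from AD.
#    Assumption: an empty LastDirSyncTime means the account is not synced.
$unsynced = @(Get-MsolUser -DomainName $TargetDomain -All |
    Where-Object { -not $_.LastDirSyncTime })

# 4. Summarize: current authentication type and how many users would be affected.
[pscustomobject]@{
    Domain            = $domain.Name
    Status            = $domain.Status
    Authentication    = $domain.Authentication
    AlreadyFederated  = ($domain.Authentication -eq 'Federated')
    UnsyncedUserCount = $unsynced.Count
}

# Accounts to review before conversion, since federation affects every user.
$unsynced | Select-Object UserPrincipalName, LastDirSyncTime
```

If AlreadyFederated is True, the domain has already been converted; a non-zero UnsyncedUserCount lists accounts to resolve before proceeding.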