Category Archives: SSO

AAD Connect Multi-Domain Support Claim Rule Problems

Today I encountered that the multi-domain support ADFS claim rule generated by AAD Connect version is gives problems in some cases (version 1.1.486.0, april 2017). The rule configured by AAD Connect is as follows:

c1:[Type == ""]
 && c2:[Type == 

ADFS 3.0/WAP (2012 R2) to ADFS 4.0/WAP (2016) Upgrade Gotchas

With the introduction of the new version of ADFS in Windows Server 2016, Microsoft introduced the possibility to run ADFS in compatibility mode and to upgrade your existing configuration to ADFS 4.0 (2016).

Although the upgrade path, as described in …


Inter-forest Migration: How to use a “hybrid” ImmutableID when federating with Azure AD


When you are working on an inter-forest migration in an environment that is integrated with Azure AD / Office 365 you should take care how to manage the ImmutableID. This has impact on how Single Sign On works with …


Using the SalesForce1 App with Azure Active Directory

One of the biggest apps on the Azure Active Directory Gallery is SalesForce. A couple of years ago ADFS SSO and identity provisioning to SalesForce was quite a new challenge, especially when multiple Salesforce Organizations and Portals are being used. …