When your administrator deploys Active Directory Federation Services (ADFS) for use with Office 365, you are told that you will no longer need separate usernames and passwords, because your Active Directory credentials (username/password) can be used instead. However, when you attempt to access OWA, SharePoint or other online services, you are still prompted to enter your username and password, potentially multiple times. For example, when accessing the Microsoft Online Portal (MOP), you enter your UPN, get redirected to ADFS and have to enter your username/password.
This happens because Internet Explorer does not have the ADFS endpoint, such as sts.contoso.com, in its Local Intranet security zone. IE treats sts.contoso.com as an Internet address, so it falls into the Internet security zone, where IE does not automatically send the username/password of the logged-on user.
To resolve this issue, add your ADFS endpoint to the IE Local Intranet security zone:
- Internet Options
- Local Intranet –> Sites
- Add this website to the list: https://*.contoso.com
- OK all the way out of this IE setting
- Close all Internet Explorer browsers
- Log in to the Office 365 Online Portal (MOP): https://portal.microsoftonline.com
- Enter your User Principal Name (UPN) and notice that you are not able to enter a password; instead, click the link to log in using ADFS
At this point, your browser is redirected to your local ADFS endpoint for Active Directory authentication. With the IE setting in place, the credentials you logged on to your machine with are passed to ADFS, you are authenticated, redirected back to the Online Portal (MOP) and granted access!
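
The same zone assignment can be made from PowerShell for the current user. This is an added example, not part of the original article: the function name is hypothetical, it maps only the single host sts.contoso.com (the article's sample endpoint) rather than the *.contoso.com wildcard so that only the ADFS server receives automatic logon, and it assumes the zone list is not already managed by Group Policy.

```powershell
# Added example: put one ADFS host in the Local Intranet zone for the current user.
# Add-AdfsIntranetSite is a hypothetical helper name; contoso.com / sts are the
# article's sample values and must be replaced with your own.
function Add-AdfsIntranetSite {
    param(
        [string]$Domain    = 'contoso.com',
        [string]$SubDomain = 'sts',
        [string]$Scheme    = 'https'
    )

    # IE zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet
    $intranetZone = 1

    # Assumption: if the "Site to Zone Assignment List" policy key exists, the zone
    # list is centrally managed and the site should be added in that policy instead.
    $policyKeys = @(
        'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
        'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
    )
    $managed = $policyKeys | Where-Object { Test-Path $_ }
    if ($managed) {
        Write-Warning "Zone assignments are managed by policy: $($managed -join ', ')"
        return
    }

    # Per-user zone map: ...\ZoneMap\Domains\<domain>\<subdomain>, value <scheme> = <zone>
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$Domain\$SubDomain"
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null   # -Force creates missing parent keys
    }
    New-ItemProperty -Path $key -Name $Scheme -Value $intranetZone `
        -PropertyType DWord -Force | Out-Null

    # Read the value back so the result can be checked rather than assumed
    $zone = (Get-ItemProperty -Path $key -Name $Scheme).$Scheme
    [pscustomobject]@{
        Site = "${Scheme}://$SubDomain.$Domain"
        Zone = $zone
    }
}

Add-AdfsIntranetSite
```

Close all Internet Explorer windows afterwards, as in the manual steps, so the new zone mapping is picked up.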