While configuring SSO for Office 365, I ran into this issue of “Your organization could not sign you into the service”. I looked at the documentation provided here, however there were issues in those commands. However, the help provided there and some other blogs/forums helped me to resolve the problem.
Run the following command to see if the configuration matches between ‘ADFS Server’ and ‘Microsoft Office 365’.
> Get-MsolFederationProperty –DomainName YourDomain.com
Initially, I thought everything matches. However, with close inspection, I figured out some minor mismatches (even things like one string doesn’t end with a ‘/’). We need to get everything to match exactly the same to avoid the issue. As per the suggestion, I tried to run the following command to get this fixed.
> Update-MsolFederatedDomain -DomainName YourDomain.com –SupportMultipleDomain
Still, I found the ‘FederationServiceIdentifier’ to be different between ADFS Server and O365.
Then I updated the service identifier on ADFS Server, by going to through ‘AD FS 2.0 Management’ in administrative tools.
- Open ‘AD FS 2.0 Management’
- Right click and select ‘Edit Federation Service Properties’ from ‘Service’ node under ‘AD FS 2.0’
- Change the required properties to match what you need. :)
No comments:
Post a Comment