October 27, 2014
After some DirSync implementations, one of my FIM customers had a need for mobile device management with Windows Intune. So it seemed the perfect time for my first implementation of the AAD Connector for FIM 2010 R2.
The customer had the following special requirements:
- No Password Sync, instead using SSO with ADFS
- Minimalistic set of attributes on users in the cloud (Corporate and legal issues)
- Manual management of which user goes into the cloud or not (by helpdesk)
- Use of a proxy connection for all servers incl. FIM (no direct internet connection)
I searched the internet a bit for configuration of the WAAD connector, but the technical reference ends at the step of adding attribute flows and other posts are mostly for complex scenarios (hybrid, multi-forest and so on).
So once again I had to figure it out by myself, and I decided to put my solution for this minimalistic implementation on here. I will skip the installation and configuration of ADFS and WAP, the Azure AD configuration and also the firewall/proxy configuration; there is a lot of documentation out there for this. But I will give a hint here and there on some facts.
To set up your Azure/Intune tenant for SSO with ADFS, follow the guide in your Azure/Intune portal.