Azure AD Connect 和联合身份验证Azure AD Connect and federation

Azure Active Directory (Azure AD) Connect 可让你配置使用本地 Active Directory 联合身份验证服务 (AD FS) 和 Azure AD 进行的联合身份验证。Azure Active Directory (Azure AD) Connect lets you configure federation with on-premises Active Directory Federation Services (AD FS) and Azure AD. 通过联合身份验证登录,可以让用户能够使用本地密码登录基于 Azure AD 的服务;使用公司网络时,无需再次输入密码就可登录服务。With federation sign-in, you can enable users to sign in to Azure AD-based services with their on-premises passwords--and, while on the corporate network, without having to enter their passwords again. 使用 AD FS 的联合身份验证选项,可以部署 AD FS 的新安装,也可以在 Windows Server 2012 R2 场中指定现有安装。By using the federation option with AD FS, you can deploy a new installation of AD FS, or you can specify an existing installation in a Windows Server 2012 R2 farm.

本主题是关于 Azure AD Connect 的联合身份验证相关功能的信息主页。This topic is the home for information on federation-related functionalities for Azure AD Connect. 它列出了指向所有相关主题的链接。It lists links to all related topics. 有关 Azure AD Connect 的链接,请参阅将本地标识与 Azure Active Directory 集成For links to Azure AD Connect, see Integrating your on-premises identities with Azure Active Directory.

Azure AD Connect:联合身份验证主题Azure AD Connect: federation topics

主题Topic 涵盖的内容和阅读时机What it covers and when to read it
Azure AD Connect 用户登录选项Azure AD Connect user sign-in options
了解用户登录选项Understand user sign-in options 了解各个用户登录选项以及这些选项如何影响 Azure 登录用户体验。Learn about various user sign-in options and how they affect the Azure sign-in user experience.
使用 Azure AD Connect 安装 AD FSInstall AD FS by using Azure AD Connect
先决条件Prerequisites 了解通过 Azure AD Connect 成功安装 AD FS 的先决条件。See the prerequisites for a successful AD FS installation via Azure AD Connect.
配置 AD FS 场Configure an AD FS farm 使用 Azure AD Connect 安装新的 AD FS 场。Install a new AD FS farm by using Azure AD Connect.
使用备用登录 ID 与 Azure AD 联合Federate with Azure AD using alternate login ID 使用备用登录 ID 配置联合Configure federation using alternate login ID
修改 AD FS 配置Modify the AD FS configuration
修复信任Repair the trust 修复本地 AD FS 和 Microsoft 365/Azure 之间的当前信任。Repair the current trust between on-premises AD FS and Microsoft 365/Azure.
新增 AD FS 服务器Add a new AD FS server 初始安装后,使用其他 AD FS 服务器扩展 AD FS 场。Expand an AD FS farm with an additional AD FS server after initial installation.
新增 AD FS WAP 服务器Add a new AD FS WAP server 初始安装后,使用其他 Web 应用程序代理 (WAP) 服务器扩展 AD FS 场。Expand an AD FS farm with an additional Web Application Proxy (WAP) server after initial installation.
添加新的联合域Add a new federated domain 添加其他要与 Azure AD 联合的域。Add another domain to be federated with Azure AD.
更新 TLS/SSL 证书Update the TLS/SSL certificate 更新 AD FS 场的 TLS/SSL 证书。Update the TLS/SSL certificate for an AD FS farm.
续签 Microsoft 365 和 Azure AD 的联合身份验证证书Renew federation certificates for Microsoft 365 and Azure AD 使用 Azure AD 续订 O365 证书。Renew your O365 certificate with Azure AD.
其他联合配置Other federation configuration
将 Azure AD 的多个实例与 AD FS 的单个实例联合Federate multiple instances of Azure AD with single instance of AD FS 联合多个 Azure AD 与单个 AD FS 场Federate multiple Azure AD with single AD FS farm
添加自定义公司徽标/插图Add a custom company logo/illustration 通过指定 AD FS 登录页上显示的自定义徽标来修改登录体验。Modify the sign-in experience by specifying the custom logo that is shown on the AD FS sign-in page.
添加登录说明Add a sign-in description 更改 AD FS 登录页上的登录说明。Change the sign-in description on the AD FS sign-in page.
修改 AD FS 声明规则Modify AD FS claim rules 在 AD FS 中修改或添加对应于 Azure AD Connect 同步配置的声明规则。Modify or add claim rules in AD FS that correspond to Azure AD Connect sync configuration.

其他资源Additional resources