AVAILABLE OCTOBER 2017
In order to utilise your On-Premises credentials to sign into Skype for Business from VIA please first consider the following caveats:
- Changing the sign in method in the VIA portal will immediately affect any subsequent logins to any VIA products. We recommend performing these changes out of core business hours, ensuring colleagues are fully aware of the changes taking place and that the sign in process is fully tested after implementation.
- Once ADFS Sign In is enabled, users will not be able to sign into Polycom VVX or RealPresence Trio devices. In order to utilise these devices, please create a "Device account" in the VIA portal. This account is solely for the use on an IP device and does not allow for SSO.
- The following client versions DO NOT support VIA SSO:
Office Client 15.0.[0000-4766].*
Office Client 16.0.[0000-4293].*
Office Client 16.0.6001.[0000-1032]
Office Client 16.0.[6000-6224].*
- The latest version of IE must be installed on all Windows based client computers. We WILL NOT provide support for any earlier version installed. This follows Microsoft guidelines: https://www.microsoft.com/en-gb/windowsforbusiness/end-of-ie-support
- The certificate utilised by ADFS must be a Public Certificate, signed by a Root authority, NOT an internal certificate.
If you wish to continue with ADFS Sign In, please follow these instructions:
1) Navigate to any of your AD FS Servers.
2) Open the ADFS Management Interface and expand "Trust Relationships" & "Relying Party Trusts"
3) Click "Add Relying Party Trust".
4) Select "Import data about the relying party published online or on a local network" enter the following in the "Federation Metadata address":
5) Click Next, Set the display name to "VIA Skype for Business" or leave as default.
6) Select your desired Multi-Factor authentication settings.
7) Select "Permit all users to access this relying party".
8) Leave "Open the Edit Claims Rules dialog" checked and click close.
9) From the "Claim Issuance Policy" window, click "Add Rule".
10) Choose "Send LDAP Attributes as Claims" and select Next.
11) Enter a name for this rule, e.g. "UPN".
12) Select the attribute store "Active Directory".
13) Select "User-Principal-Name" in the left-hand box (LDAP attribute) and enter "UPN" as the "Outgoing Claim Type".
14) Finish the select and save the Claim Issuance Policy.
15) You will now see VIA as a configured and enabled Relying Party Trust.
16) Enter the federation metadata URL in the portal, ensuring you use the public accessible address. This is usually https://sts.example.com/FederationMetadata/2007-06/FederationMetadata.xml