Enable Persistent Single Sign on (PSSO) for SharePoint online

Hello All,

Ahmad Yasin

In this short article, we will discuss the steps in order to enable Persistent Single Sign on (PSSO) for SharePoint Online with ADFS integration.

Simply, PSSO means that within a period of time, the users can access SharePoint online without the need to authenticate every time with ADFS (within specific period), usually the normal process that happens when the user trying to Access SharePoint online (Assuming that SharePoint online already integrated with ADFS to Authenticate Against local AD), when the user close the browser and try to access the SharePoint again, he will be redirected to ADFS to get the Authentication token which sometimes make a little delay.

to solve this issue, we can use PSSO claim which will allow the user to access SharePoint without the need to go each time to the ADFS within the life time of the cookies that will be issued.

To do that, open ADFS management console, right click on the O365 relying party and choose Edit claim Rule as below:

 

From Claim Rule Template, choose “Send Claim Using a Custom Rule as below:

Finally Add below:

c:[Type == “http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork“] => issue(Type = “http://schemas.microsoft.com/2014/03/psso“, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

 

Now, from the PowerShell, if you write below command:

Get-AdfsProperties | fl *persistent*

You can see from the result the PSSO lifetime in minutes:

Make sure that PSSO is enabled, Also you can play with the lifetime using the Set-AdfsProperties command.

 

Ahmad Yasin (MCSA office 365, MCSE : Messaging, Azure Certified)

Ahmad Yasin is a Microsoft Cloud Engineer and the Owner & publisher of AzureDummies blog. He also holds many certificates in office 365 and windows azure including Developing Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions and MCSA office 365.

Find Ahmad at Facebook and LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked *