If your Office 365/CRM Online environment is already protected by OnPrem ADFS, AgilePoint portal and server supports logging in with same Microsoft Office 365/Windows Azure AD account using OAuth2 token. When your Office 365 account is protected by OnPrem AD using ADFS, what Microsoft does behind the scene is that it protects all its Online services with AFDS using following URL
Since AgilePoint also supports Office 365/Windows Azure AD signup using same URL
AgilePoint already is protected with your ADFS as long as you complete our sign up/consent flow for Office 365 ID. When you enable Office 365 auth in AgilePoint NX you get an option of Auto Sync user profile so your ADFS profile is already synchronized with AgilePoint when user logs in. Even if there is no Office 365 involved and your ADFS is synchronized with Windows Azure AD then that is fine.
What this means is that
- AgilePoint even in cloud is protected with your OnPrem AD using ADFS. You do not have to do anything extra for AgilePoint as long as your Office 365/CRM/Widnows Azure AD environment is already protected with ADFS and you run the consent flow for AgilePoint tenant to register this as a trusted app in your Office 365/CRM backed by Windows Azure AD.
- No separate certificate or ADFS endpoint provisioning has to be done for AgilePoint as long as you bring your Office 365 ID or Windows Azure AD.
Everything above applies to a stand alone Windows Azure AD protected by ADFS as well without Office 365 in picture. Adding the consent for obtaining Office 365/Windows Azure AD token is part of our sign up for AgilePoint OnDemand environment and is also made available as Add-On even fo your AgilePoint server in OnPremises or in private cloud.
Also bear in mind that AgilePoint NX OmPrem or in Private Cloud can be directly protected with ADFS. It is covered in my other blog post