Federated domain configurations define how authentication flows between Entra ID and trusted systems. For IT admins, tracking SAML or WS-Fed settings, claims mappings, and domain trust requirements can get complex, especially when multiple domains are in play. Fortunately, there are straightforward ways to review and manage these details.
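# Sign in with the Domain.Read.All scope, which is enough to read domain settings
Connect-MgGraph -Scopes "Domain.Read.All"
# -DomainId is mandatory (see the syntax below); without it PowerShell prompts for a value
Get-MgDomainFederationConfiguration
# Pass the federated domain directly
Get-MgDomainFederationConfiguration -DomainId "yourdomain.com"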
Example query
Connect-MgGraph -Scopes "Domain.Read.All"
Get-MgDomainFederationConfiguration -DomainId "testdomain.com"
Example output
Id : 5a72f94b-3d49-4f86-82d0-99bcac45f913
DomainId : testdomain.com
DisplayName : Testdomain
IssuerUri : http://sts.testdomain.com/adfs/services/trust
PassiveSignInUri : https://sts.testdomain.com/adfs/ls/
ActiveSignInUri : https://sts.testdomain.com/adfs/services/trust/2005/usernamemixed
SigningCertificate : MIIDpzCCApegAwIBAgIQBf6ZQwK8+E...
LogOffUri : https://sts.testdomain.com/adfs/ls/?wa=wsignout1.0
PreferredAuthenticationProtocol : SAML
The syntax is as follows:
Get-MgDomainFederationConfiguration
-DomainId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[<CommonParameters>]
Example query
Get-MgDomainFederationConfiguration -DomainId "testdomain.com"
Example output
Id : 9b4e06db-2c6e-41d1-8b75-0a4a6a1d9f30
DomainId : testdomain.com
DisplayName : Testdomain
IssuerUri : http://sts.testdomain.com/adfs/services/trust
PassiveSignInUri : https://sts.testdomain.com/adfs/ls/
ActiveSignInUri : https://sts.bitscloud.com/adfs/services/trust/2005/usernamemixed
SigningCertificate : MIIC6jCCAdKgAwIBAgIQAJD4n6q6J...
LogOffUri : https://sts.testdomain.com/adfs/ls/?wa=wsignout1.0
PreferredAuthenticationProtocol : SAML
The output shows the federation settings for the domain testdomain.com in Microsoft Entra ID. It has a unique configuration Id tied to this domain, with a DisplayName that identifies the federation service. Authentication requests are redirected to the domain's identity provider through the IssuerUri, PassiveSignInUri, and ActiveSignInUri, which in this case point to ADFS. A SigningCertificate is in place to validate tokens issued by that provider. When users sign out, they're redirected to the LogOffUri. The federation here runs on the SAML protocol, which Entra ID uses to handle authentication for this domain.
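When reviewing this output for drift, the fields worth checking are the signing certificate (expiry and thumbprint) and the sign-in and sign-out endpoints (HTTPS, and all on the same host). The following is an added example, not code from the original page or from Microsoft: the function name Test-FederationConfig and its ExpectedThumbprint and WarnDays parameters are assumptions. The sample object is constructed from the URIs in the second example output, whose ActiveSignInUri host differs from the other two, so the host check reports it.

```powershell
function Test-FederationConfig {
    param(
        [Parameter(Mandatory)] $Config,   # object shaped like Get-MgDomainFederationConfiguration output
        [string] $ExpectedThumbprint,     # assumption: thumbprint recorded at the last approved change
        [int]    $WarnDays = 30           # assumption: renewal warning window in days
    )
    $findings = @()
    $hosts    = @()
    # IssuerUri is an identifier, not an endpoint, so only the sign-in/sign-out URLs are checked.
    foreach ($name in 'PassiveSignInUri', 'ActiveSignInUri', 'LogOffUri') {
        if (-not $Config.$name) { continue }
        $uri = [uri]$Config.$name
        if ($uri.Scheme -ne 'https') { $findings += "$name is not HTTPS: $uri" }
        $hosts += $uri.Host
    }
    $hosts = @($hosts | Sort-Object -Unique)
    if ($hosts.Count -gt 1) { $findings += "Endpoints span several hosts: $($hosts -join ', ')" }

    # SigningCertificate is a base64-encoded certificate; decode it to read expiry and thumbprint.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($Config.SigningCertificate))
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt $WarnDays) { $findings += "Signing certificate expires in $daysLeft day(s)" }
    if ($ExpectedThumbprint -and $cert.Thumbprint -ne $ExpectedThumbprint) {
        $findings += "Signing certificate thumbprint differs from the recorded one: $($cert.Thumbprint)"
    }
    [pscustomobject]@{
        DomainId = $Config.DomainId; Thumbprint = $cert.Thumbprint
        NotAfter = $cert.NotAfter;   Findings   = $findings
    }
}

# Constructed sample: URIs copied from the example output above; the certificate is a
# throwaway self-signed one generated in memory because the page's value is truncated.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed Token Signing', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now    = [DateTimeOffset]::UtcNow
$sample = [pscustomobject]@{
    DomainId           = 'testdomain.com'
    PassiveSignInUri   = 'https://sts.testdomain.com/adfs/ls/'
    ActiveSignInUri    = 'https://sts.bitscloud.com/adfs/services/trust/2005/usernamemixed'
    LogOffUri          = 'https://sts.testdomain.com/adfs/ls/?wa=wsignout1.0'
    SigningCertificate = [Convert]::ToBase64String($req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(20)).RawData)
}
(Test-FederationConfig -Config $sample).Findings
```

Against a live tenant, pass each object returned by Get-MgDomainFederationConfiguration as -Config in place of the constructed sample.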
ADManager Plus helps Microsoft 365 admins with a clean, intuitive interface that makes everyday Microsoft 365 tasks simpler.
Create, modify, and manage users, groups, and licenses at scale. Perform bulk updates, assign or revoke licenses, adjust group memberships, and track license usage with ease.
Schedule periodic access reviews of group memberships and privileges to ensure only the right people retain access. Strengthen compliance and maintain least-privilege policies effortlessly.
Cut down routine admin work by automating user provisioning, license assignments, attribute updates, and group management. Configure once and let the system take care of it on schedule.
Assign admin responsibilities with role-based access controls so teams can operate efficiently without compromising security.
Schedule and generate up-to-date reports automatically, and export them in multiple formats to stay audit-ready always.