MCSMLab


New features in ADFS 3.0

With the release of Server 2012 R2, we now have a new version of ADFS that we can use for single sign-on to Office 365 tenants. Of course the first question I had was “What does the new version of ADFS do that the old one does not?” I would say that the biggest new feature in ADFS 3.0 is a simple PowerShell-based set of commands that allows organizations to customize their ADFS login page. Let’s take a look at the new features of ADFS 3.0, and then we’ll take a closer look at how to customize your ADFS webpages.

The new features of ADFS 3.0 include:

  • No longer dependent on IIS. IIS no longer needs to be installed on your ADFS server, giving you a more secure server.
  • Web page customization. We’ll go into greater detail below.
  • Responsive design for multiple form factors. Like OWA in Exchange 2013, ADFS can now adjust the size of on-screen elements to better fit different form factors.
  • Support for updating passwords. This is a big one. Users no longer need to log into the corporate intranet to be able to change their password.

Some pretty good reasons in there to start using ADFS 3.0. Now let’s talk about how to customize your ADFS login page. The default ADFS 3.0 login page looks like this:

[Screenshot: the default ADFS 3.0 login page]

You can modify the company name (Contoso Corp. in the above picture) by using the command:

Set-AdfsGlobalWebContent -CompanyName "Contoso Corp"

To change the company logo displayed, you can use the following command. Please note, the recommended dimensions for the logo are 260x35 @ 96 dpi with a file size of no greater than 10 KB.

Set-AdfsWebTheme -TargetName default -Logo @{path="c:\Contoso\logo.png"}

To change the large illustration on the left, use the command below. Please note, the recommended dimensions for the illustration are 1420x1080 pixels @ 96 DPI with a file size of no greater than 200 KB.

Set-AdfsWebTheme -TargetName default -Illustration @{path="c:\Contoso\illustration.png"}

You can add a sign-in page description with the following command:

Set-AdfsGlobalWebContent -SignInPageDescriptionText "Contoso Corp. authorized use only"

You can add a custom help desk link on the sign-in page with the following command:

Set-AdfsGlobalWebContent -HelpDeskLink https://fs1.contoso.com/help/ -HelpDeskLinkText Help

To add a custom home link on the sign-in page:

Set-AdfsGlobalWebContent -HomeLink https://fs1.contoso.com/home/ -HomeLinkText Home

To add a custom privacy policy link:

Set-AdfsGlobalWebContent -PrivacyLink https://fs1.contoso.com/privacy/ -PrivacyLinkText Privacy
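
The logo and illustration steps above, combined into one script that checks each image against the recommended dimensions and file size before applying it, and then flags any sign-in page link that is not HTTPS. This is an added example, not part of the original post; the theme name contoso, the Test-AdfsImage helper and the file paths are assumptions, and it applies the images to a copy of the default theme rather than to default itself.

```powershell
# Added example. "contoso", Test-AdfsImage and the C:\Contoso paths are assumptions.
Add-Type -AssemblyName System.Drawing

function Test-AdfsImage {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [int] $Width,
        [Parameter(Mandatory)] [int] $Height,
        [Parameter(Mandatory)] [int] $MaxKB
    )
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $img  = [System.Drawing.Image]::FromFile($file.FullName)
    $problems = @()
    try {
        if ($img.Width -ne $Width -or $img.Height -ne $Height) {
            $problems += "is $($img.Width)x$($img.Height), recommended ${Width}x${Height}"
        }
        if ($file.Length -gt $MaxKB * 1KB) {
            $problems += "is $([math]::Ceiling($file.Length / 1KB)) KB, recommended maximum $MaxKB KB"
        }
    } finally {
        $img.Dispose()   # release the file handle before ADFS reads the file
    }
    foreach ($p in $problems) { Write-Warning "$Path $p" }
    return ($problems.Count -eq 0)
}

$logo         = 'C:\Contoso\logo.png'
$illustration = 'C:\Contoso\illustration.png'

# Recommended sizes from the post: logo 260x35, 10 KB; illustration 1420x1080, 200 KB.
$logoOk = Test-AdfsImage -Path $logo -Width 260 -Height 35 -MaxKB 10
$illOk  = Test-AdfsImage -Path $illustration -Width 1420 -Height 1080 -MaxKB 200

if ($logoOk -and $illOk) {
    # Copy the built-in theme so "default" stays untouched as a fallback.
    # New-AdfsWebTheme fails if a theme named "contoso" already exists.
    New-AdfsWebTheme -Name contoso -SourceName default
    Set-AdfsWebTheme -TargetName contoso -Logo @{path = $logo}
    Set-AdfsWebTheme -TargetName contoso -Illustration @{path = $illustration}
    Set-AdfsWebConfig -ActiveThemeName contoso
}

# Read back the sign-in page links and warn about any that are not HTTPS.
foreach ($content in @(Get-AdfsGlobalWebContent)) {
    foreach ($name in 'HelpDeskLink', 'HomeLink', 'PrivacyLink') {
        $link = $content.$name
        if ($link -and ([uri]"$link").Scheme -ne 'https') { Write-Warning "$name is not HTTPS: $link" }
    }
}
```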

In addition, ADFS 3.0 supports the creation of entire custom themes for the login page. As this requires CSS coding, it’s beyond me. In a future blog post, I’ll outline the process for setting up two-factor authentication on the ADFS 3.0 sign-in page, as well as instructions on how to customize the update password page.