SharePoint Hybrid worksheet
for a one-way inbound or two-way authentication topology
Use this worksheet if you are deploying a SharePoint hybrid environment using either a one-way inbound or a two-way authentication topology.
Table 1: User accounts
Info needed / Description / Value
Global Administrator / Office 365 account that has been assigned to the Global Administrator role for Office 365.
AD Domain Administrator / AD account in the Domain Admins group of the on-premises domain.
AD Enterprise Administrator / AD account in the Enterprise Admins group of the on-premises domain.
SharePoint Farm Administrator / Member of the Farm Administrators group of the on-premises SharePoint farm.
Federated Users / AD accounts that have been synchronized with Office 365.
Table 2: Choices
Info needed / Choice
Authentication topology
Choose one of the following:
- One-way inbound only
- Two-way
Site collection strategy
Choose one of the following:
- Host-named site collection
- Path-based site collection (with AAM)
- Path-based site collection (without AAM)
New or existing web application
Choose one of the following:
- New
- Existing
Identity management type
Choose one of the following:
- ADFS with SSO
- DirSync with Password Sync
Table 3: Public Domain Info
Info needed / Description / Value
Public Internet Domain name / Domain name of the public-facing corporate DNS domain.
e.g. adventureworks.com
IP Address of the external endpoint / IP address of the external endpoint of the reverse proxy device that faces the Internet. This is used to create an A host record in your public domain.
e.g. 10.10.10.13
External URL / The endpoint URL of the reverse proxy device that faces the Internet.
e.g. spexternal.adventureworks.com
UPN Domain Suffix / The UPN domain suffix in your on-premises AD domain that matches the public domain.
e.g. sharepoint.adventureworks.com
Table 4a: STS Certificate
Info needed / Value
STS Certificate Friendly Name
STS Certificate path\filename (*.pfx file)
STS Certificate Password
STS Certificate path\filename (*.cer file)
Subject Name
STS Certificate Start Date
(the date the certificate was issued)
STS Certificate End Date
(the certificate expiration date)
Table 4b: Secure Channel SSL Certificate
Info needed / Description / Value
Secure Channel SSL Certificate location and filename / Provides a secure communication channel between the reverse proxy device and Office 365.
Provide the name of the certificate, including file extension and the location where it’s stored.
Secure Channel SSL Certificate Friendly Name / (Optional) Friendly name of this certificate, if there is one.
Type of certificate / Is this a wildcard or SAN certificate?
Expiration date / Date the certificate expires.
Secure Channel SSL Certificate password / If this certificate contains a private key, record the password assigned to the certificate.
Table 4c: Web Application SSL Certificate
Info needed / Description / Value
Web Application SSL Certificate location and filename / Provides a secure communication channel between the reverse proxy device and Office 365.
Provide the name and location of the certificate, including file extension.
Web Application SSL Certificate Friendly Name / Friendly name of this certificate.
Type of certificate / Is this a wildcard or SAN certificate?
Expiration date / Date the certificate expires.
Web Application SSL Certificate Password / If this certificate contains a private key, record the password assigned to the certificate. / ?
Table 5a: Primary web application (host-named site collection)
Info needed / Description / Value
Primary web application URL / The URL, including the port number, of the web application you want to use for SharePoint hybrid.
e.g.
Port number of the web application / Port number configured for the extended web application.
e.g. 443.
Protocol of the web application / Protocol used for the extended web application.
e.g. http or https.
Host-named site collection URL / URL of the top-level site collection of the web application you are using for SharePoint hybrid.
e.g.
Table 5b: Primary web application (path-based web application without AAM)
Info needed / Description / Value
Primary web application URL / The URL, including the port number, of the web application you want to use for SharePoint hybrid.
Port number of the web application / Port number configured for the extended web application.
e.g. 443.
Protocol of the web application / Protocol used for the extended web application.
e.g. http or https.
Table 5c: Primary web application (path-based web application with AAM)
Info needed / Description / Value
Primary web application URL / The internal URL of the primary web application, including the port number.
Port number of the extended web application / The port number assigned to the extended web application. This is needed when configuring the reverse proxy device.
Protocol of the extended web application / Protocol used for the extended web application.
e.g. http or https.
AAM Zone of the extended web application / The AAM zone you chose when extending the primary web application.
Bridging URL / This is the URL you use when you add an AAM (Internal URL) to the zone of the extended web application.
This URL consists of the protocol of the extended web application and the host name you want to use as the bridging URL.
Table 6: SharePoint Online Secure Store Target Application
Info needed / Description / Value
Target Application ID / Target application ID that you assigned to the target application.
Target Application Display Name / Friendly name of the target application.
Target Application Admins / Admins who can manage this target application.
Target Application Members / Federated users who you want to enable to use hybrid functionality or the security group in Office 365 that contains the federated users.