FGomezD
Nov 25, 2024

General Question About Federation

Hello,

 

We have a federated domain, and to my knowledge this means that all authentication for this domain will be sent to ADFS and will not be directly handled in Azure Entra ID.

Is the following statement correct:

When I register an APP in Entra ID the authentication will still be handed off to ADFS. (when my user types in email address removed for privacy reasons.

I will first go to Microsoft, which will then hand it off to ADFS.

Will there be any additional config required on the ADFS server for the registered application?

If I would like to bypass this federated authentication, the only way to do this is to change it to a managed domain, removing the federation, or do a staged rollout as described below:

 

Microsoft Entra Connect: Cloud authentication via Staged Rollout - Microsoft Entra ID | Microsoft Learn

 

  • Federation is configured on a per-app basis, but if the application in place is an Entra ID integrated one (i.e. leverages Entra for authentication), you will be redirected to AD FS. Whether there is additional configuration needed will depend on the application; best to check with the vendor. In general, for Entra ID integrated apps, you should be fine.
