
VasilMichev
Dec 07, 2016

Pass-through authentication is now available in Preview

"The replacement" of AD FS, at least for some scenarios, which offers the same seamless SSO experience without requiring AD FS or any (major) changes to the on-prem infrastructure is now available for testing via Preview.

 

Full news here: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/

 

Documentation is here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-authentication

 

And more details are available in the Ignite session recording: https://www.youtube.com/watch?v=prOivxVbv9U

  • I can see the value for this.

    But now we are going to have three ways of authentication in Azure.

    Currently we have AADConnect with password hash sync and password writeback enabled. We also have ADFS installed but not configured from AADConnect.

     

    How does Pass-Through authentication fit in? Can we have all three? If you can, how is the authentication route chosen?

     

    In Pass-Through authentication, if there is no connection to the on-prem environment, will the user still be able to log on or will it fail?

      VasilMichev
      MVP

      If there's no connection to on-prem, auth will fail; same if the AADConnect server is down. That's why it's recommended to have the connector installed on another machine as well. And for fallback, you can use password sync.

       

      As for fitting in, it really depends on your requirements. Most organizations want to use the same set of credentials and have seamless SSO - with PTA they can now have it without requiring AD FS. But if you do anything with claims rules or similar, you'll probably have to stick with AD FS (plus, AD FS is used for more than just O365).

    Liz Braun
    Copper Contributor

    VasilMichev wrote:

    "The replacement" of AD FS, at least for some scenarios, which offers the same seamless SSO experience without requiring AD FS or any (major) changes to the on-prem infrastructure is now available for testing via Preview.

     

    Full news here: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/

     

    Documentation is here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-authentication

     

    And more details are available in the Ignite session recording: https://www.youtube.com/watch?v=prOivxVbv9U


    Awesome! Excited and hopeful this resolves the issue for us :)
