Forum Discussion
zielonywojo
Dec 29, 2020 - Copper Contributor
Azure AD - ADFS accounts without synchronization
Hello guys,
Couple of simple (I hope) questions:
- is it possible to authenticate users through an on-premises ADFS server in Azure without actually importing the users into Azure AD? Or does the user always have to be imported, because only then does he get an Azure ID and can use Azure resources?
- is there any option other than Azure AD Connect to establish a connection between the ADFS server and Azure AD (so that ADFS users can be authenticated)? The thing is that I don't have access to the physical ADFS server, so I cannot install Azure AD Connect there.
Regards and thanks!
Tomasz
Hi, you will need Azure AD Connect in order for this to work and have the users visible in Azure AD. Check out - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-whatis
The AADC server does not have to be on the same server as AD FS though.
zielonywojo - Copper Contributor
PeterRising, so if I got that right, I may install and run Azure AD Connect on a different machine and use it only for account synchronization, correct? This sounds promising.
About user synchronization: I was kind of hoping it wouldn't be necessary to import all these users (around 5k in this particular case) into AAD; I'm a bit worried about that (it could be a nightmare in terms of management).
Thanks for the quick answer!
Regards
Tomasz
Yep, that's right. AADC can be run on a different machine. You'd need to run a custom installation and choose the option of Federation with AD FS as shown below.
Question though - do you really need AD FS for O365? Could you not go for Password Hash Sync or Pass-through Authentication instead?
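As an added example (not part of the thread, and not Microsoft's own code), here is how to verify from PowerShell the points made in the replies above: whether a domain is federated (AD FS) or managed (PHS/PTA), that a federated user still has to exist in Azure AD as a synced object, and that the Azure AD Connect scheduler is running on the machine where AADC was installed (which need not be the AD FS server). It assumes the MSOnline module that was current when this thread was written and the ADSync module that AADC installs; `contoso.com` and `user@contoso.com` are placeholders.

```powershell
# Added example: audit the hybrid identity setup discussed in the thread.
# Assumptions: MSOnline module installed on the admin workstation; ADSync
# module present on the Azure AD Connect server. Domain/UPN are placeholders.

Import-Module MSOnline
Connect-MsolService   # interactive sign-in with an admin account

$domain = 'contoso.com'         # placeholder: your verified domain
$upn    = 'user@contoso.com'    # placeholder: a user to spot-check

# 1. Which authentication method is in force for the domain?
#    'Managed'   = Password Hash Sync or Pass-through Authentication
#    'Federated' = AD FS (or another IdP) via WS-Federation / SAML
$d = Get-MsolDomain -DomainName $domain
"{0}: Authentication={1}" -f $d.Name, $d.Authentication

if ($d.Authentication -eq 'Federated') {
    # Federation trust details that AADC writes when you pick
    # "Federation with AD FS" in the custom installation.
    Get-MsolDomainFederationSettings -DomainName $domain |
        Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, MetadataExchangeUri
}

# 2. Federated or not, the user must exist in Azure AD as a synced object.
#    ImmutableId (the sourceAnchor) links the AD FS token to that object;
#    an empty ImmutableId means the account is cloud-only, not synced.
Get-MsolUser -UserPrincipalName $upn |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime, ObjectId

# 3. On the Azure AD Connect server (not the AD FS server): is sync running?
Import-Module ADSync
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC, CurrentlyEffectiveSyncCycleInterval

# To force an incremental sync after changing users on-premises:
# Start-ADSyncSyncCycle -PolicyType Delta
```

Steps 1 and 2 run from any workstation with the MSOnline module; step 3 only works on the AADC server because the ADSync module ships with Azure AD Connect. The MSOnline module has since been superseded by Microsoft Graph PowerShell, but the properties checked here (domain authentication type, user ImmutableId) are the same ones exposed there.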