Forum Discussion
Andrew Colombino
Dec 03, 2018Brass Contributor
Can we use Azure AD for SSO to SaaS applications if we already use ADFS for SSO to Azure/O365?
Some background: our organization uses ADFS for SSO to Office 365. Naturally, we sync our AD to Azure AD to make that happen, but we do not sync passwords or anything like that. We're stuck using ADF...
- Dec 04, 2018
Andrew Colombino generally most apps that support federation with ADFS would also support federation with AzureAD. In your case AzureAD would pass the authentication events down to your federated AzureAD providing the same login experience as you get with Office 365 etc.
I agree with your point about better preparing yourself to go without ADFS in the future. These days new clients use simpler tools like Password Hash Sync or Pass Through Authentication, it's easier to provide a highly reliable service and authentication is typically the most important service.
You would also be allowing these apps to use the more sophisticated security controls available as part of AzureAD. Condition Access, Multi-Factor Authentication, Identity Protection, MCAS etc.
StevenC365
Dec 04, 2018MVP
Andrew Colombino generally most apps that support federation with ADFS would also support federation with AzureAD. In your case AzureAD would pass the authentication events down to your federated AzureAD providing the same login experience as you get with Office 365 etc.
I agree with your point about better preparing yourself to go without ADFS in the future. These days new clients use simpler tools like Password Hash Sync or Pass Through Authentication, it's easier to provide a highly reliable service and authentication is typically the most important service.
You would also be allowing these apps to use the more sophisticated security controls available as part of AzureAD. Condition Access, Multi-Factor Authentication, Identity Protection, MCAS etc.
Andrew Colombino
Dec 04, 2018Brass Contributor
Thanks, StevenC365. It sounds like that's the way we want to go.