Forum Discussion
Can we use Azure AD for SSO to SaaS applications if we already use ADFS for SSO to Azure/O365?
- Dec 04, 2018
Andrew Colombino, generally most apps that support federation with ADFS would also support federation with Azure AD. In your case Azure AD would pass the authentication events down to your federated Azure AD, providing the same login experience as you get with Office 365 etc.
I agree with your point about better preparing yourself to go without ADFS in the future. These days new clients use simpler tools like Password Hash Sync or Pass Through Authentication; it's easier to provide a highly reliable service, and authentication is typically the most important service.
You would also be allowing these apps to use the more sophisticated security controls available as part of Azure AD: Conditional Access, Multi-Factor Authentication, Identity Protection, MCAS, etc.
Keep your SSO with your ADFS, and configuring the connection from Azure AD's SAML2 should work fine.
No need to change your on-prem / Azure SSO away from ADFS if it works for you and you have to use ADFS anyway.
Also, with PTA or Password Hash Sync and Seamless SSO you won't be able to get simple stuff like password expiry notifications to your users if you have some that are cloud only (federated ID but not using on-prem services).
You could enable Password Hash Sync so that you would be able to use leaked password detection in the Identity Protection service, or as a backup if ever your ADFS went dead.
If you require an on-prem ADFS setup for something else, by all means use it to SSO to Azure also.
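As an added example that is not part of the thread: a PowerShell check that inventories which tenant domains are federated to ADFS, confirms Password Hash Sync is enabled as the fallback the reply recommends, and decodes the ADFS token-signing certificate published in the federation settings so its expiry is visible before sign-in breaks. It assumes the MSOnline module and an existing Connect-MsolService session with read rights on the tenant.

```powershell
# Added example (not from the thread). Assumes the MSOnline module is
# installed and Connect-MsolService has been run with read access.
Import-Module MSOnline
Connect-MsolService

# PasswordSynchronizationEnabled is the tenant-wide PHS flag.
$company    = Get-MsolCompanyInformation
$phsEnabled = [bool]$company.PasswordSynchronizationEnabled

$report = foreach ($d in Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' }) {
    $row = [ordered]@{
        Domain             = $d.Name
        Authentication     = $d.Authentication   # 'Managed' or 'Federated'
        IssuerUri          = $null
        PassiveLogOnUri    = $null
        SigningCertExpires = $null
        PhsFallback        = $phsEnabled
    }
    if ($d.Authentication -eq 'Federated') {
        $fed = Get-MsolDomainFederationSettings -DomainName $d.Name
        $row.IssuerUri       = $fed.IssuerUri
        $row.PassiveLogOnUri = $fed.PassiveLogOnUri
        # SigningCertificate is the base64 DER of the ADFS token-signing cert
        # that Azure AD trusts; decode it to read NotAfter.
        if ($fed.SigningCertificate) {
            $bytes = [Convert]::FromBase64String($fed.SigningCertificate)
            $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
            $row.SigningCertExpires = $cert.NotAfter
        }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# Flag the two conditions the thread warns about: a federated domain with no
# PHS fallback if ADFS goes down, and a signing cert about to expire.
$report | Where-Object { $_.Authentication -eq 'Federated' -and -not $_.PhsFallback } |
    ForEach-Object { Write-Warning "$($_.Domain) is federated with no Password Hash Sync fallback" }
$report | Where-Object { $_.SigningCertExpires -and $_.SigningCertExpires -lt (Get-Date).AddDays(30) } |
    ForEach-Object { Write-Warning "$($_.Domain): ADFS signing certificate expires $($_.SigningCertExpires)" }
```

If ADFS has a NextSigningCertificate staged for rollover, Get-MsolDomainFederationSettings exposes it in the same base64 form and it can be decoded the same way.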