Forum Discussion
SharePoint online single sign on with on-premise AD
We are planning to implement intranet on SharePoint Online. Currently, the office 365 apps & SharePoint authentication is based on Azure AD which is office 365 email & password. However, we want to use on-Premise AD domain username and password for single sign-on. Our IT syncs only the user details from On-Premise AD to Azure AD but not the password . They don't want to sync the password for now and keep them segregated.
We want to have few site with On-premise authentication and leaving the rest(as Teams are based on SharePoint online). So, 1. are there any solutions within Office365 or third party AD authentication solutions. 2. Can the solution be applied to specific sites or does it have be all the sites?
Thanks.
- You can sync the local AD with Azure AD without synchronizing passwords by deploying Azure AD Connect with PTA (Pass Through Authentication). In this way, passwords are always checked in local AD: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta?WT.mc_id=EM-MVP-4015732
Thanks for the quick reply.
If the Azure AD connect with pass through is deployed then this would require users to authenticate all the cloud apps including SharePoint online with On-Premise AD. However, we are looking for some solution that only applies to SharePoint online and if possible only to limited number of sites so that the Teams SharePoint sites will not be effected.
- Hi,
I might be mistaken, but what you are looking for I'm pretty sure is not possible with SPO itself neither with a third party product. SPO relies on Azure AD as the rest of the services and solutions available in Microsoft 365
