
Authenticate on-premise users without verifying the Domain

Palayathar
New Contributor

Dear Experts

 

This is the scenario. Our client is part of a large organisation that comprises many companies. All users in this company are using the same namespace for on-premise access, e.g. rootdomain.com.

Users from our client and their parent organisation use the following credentials to log in to on-premise resources: <username>@rootdomain.com. However, our client does not have control of rootdomain.com and they will not be able to verify the ownership.

Now, they have procured Office 365 services [Power BI] and have a tenant, say, client.onmicrosoft.com.

They are asking if their users can use their existing on-premise credentials to authenticate against Azure AD. My understanding is that it is not possible to do this without verifying the domain [rootdomain.com] and without using AAD Connect.

Am I correct?

If not, is there any way to authenticate to Azure AD using a third-party authentication provider by using some apps in Azure?

 

Thanks in advance

2 Replies
Solution

The only way to use their on-premises credentials is to verify the domain; that includes any auth method that uses attributes other than the UPN as well. Perhaps they can verify a subdomain instead of the root domain?
