
Authenticate on-premise users without verifying the Domain

Palayathar
New Contributor

Dear Experts,

This is the scenario. Our client is part of a large organisation that comprises many companies. All users in this company use the same namespace for on-premise access, e.g. rootdomain.com.

Users from our client and their parent organisation use the following credentials to log in to on-premise resources: <username>@rootdomain.com. However, our client does not have control of rootdomain.com and they will not be able to verify the ownership.

Now, they have procured Office 365 services [Power BI] and have a tenant, say, client.onmicrosoft.com.

They are asking if their users can use their existing on-premise credentials to authenticate against Azure AD. My understanding is that it is not possible to do this without verifying the domain [rootdomain.com] and without using AAD Connect.

Am I correct?

If not, is there any way to authenticate to Azure AD using third-party authentication providers by using some apps in Azure?

Thanks in advance

2 Replies
Solution

The only way to use their on-premises credentials is to verify the domain; that includes any auth method that uses attributes other than the UPN as well. Perhaps they can verify a subdomain instead of the root domain?
