This is the scenario. Our client is a part of large organisation that comprises many companies. All users in this company are all using the same namespace for on-premise access. e.g. rootdomain.com
Users from our client and their parent organisation uses the following credentials to login to on-premise resources <username>@rootdomain.com. However our client do not have the control of the rootdomain.com and they will not be able to verify the ownership.
Now, they have procured Office 365 services [Power BI] and have a tenant say, client.onmicrosoft.com.
They are asking; if their users can use their existing on-premise credentials to authenticate against Azure AD. My understanding is that; it is not possible to do this without verifying the domain [rootdomain.com] and without using AAD connect
Am I correct?
If not, is there any way to authenticate to Azure AD using a third party authentication providers by using some apps in Azure?
The only way to use their on-premises credentials is to verify the domain, that includes any auth method that uses attributes other than the UPN as well. Perhaps they can verify a subdomain instead of the root domain?
Best Response confirmed by
Palayathar (New Contributor)