Home

Can we use Azure AD for SSO for SaaS applications if we already use ADFS for SSO to Azure/O365?

%3CLINGO-SUB%20id%3D%22lingo-sub-294348%22%20slang%3D%22en-US%22%3ECan%20we%20use%20Azure%20AD%20for%20SSO%20for%20SaaS%20applications%20if%20we%20already%20use%20ADFS%20for%20SSO%20to%20Azure%2FO365%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-294348%22%20slang%3D%22en-US%22%3E%3CP%3EA%20little%20background%3A%20our%20organization%20uses%20ADFS%20for%20SSO%20with%20Office%20365%3B%20naturally%2C%20we%20sync%20our%20AD%20to%20Azure%20AD%20to%20make%20that%20work.%20We%20do%20not%20sync%20passwords%20with%20Azure.%20We%20need%20ADFS%20for%20Dynamics%20on-premises%2C%20so%20for%20now%20we're%20still%20using%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20I%20go%20to%20configure%20third-party%20SaaS%20applications%20(ex.%20Zoom%2C%20Adobe%2C%20etc.)%2C%20I%20have%20seen%20that%20they%20have%20documentation%20to%20configure%20SSO%20with%20Azure%20AD%20(i.e.%2C%20enterprise%20application%20gallery)%20or%20to%20configure%20it%20with%20ADFS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20questions%20are%3A%3C%2FP%3E%3COL%3E%3CLI%3EIs%20it%20possible%20to%20configure%20these%20third-party%20services%20to%20use%20Azure%20AD%20for%20SSO%3F%20(Would%20Azure%20AD%20just%20turn%20around%20and%20authenticate%20with%20ADFS%3F)%3C%2FLI%3E%3CLI%3EIf%20so%2C%20what%20are%20the%20potential%20pros%2Fcons%20for%26nbsp%3Bthis%20configuration%3F%3C%2FLI%3E%3C%2FOL%3E%3CP%3EIf%20in%20the%20future%20we%20decide%20we%20no%20longer%20need%20ADFS%20and%20want%20to%20migrate%20towards%20a%20more%20Azure-centric%20configuration%2C%20my%20thoughts%20are%20that%20it%20would%20be%26nbsp%3Beasier%20if%20these%20SaaS%20apps%20are%20already%20in%20Azure%20AD.%20Plus%2C%20they%20can%20take%20advantage%20of%20things%20like%20MFA%2C%20Conditional%20Access%2C%20etc.%20right%20away.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20users%20will%20potentially%20see%20multiple%20login%20prompts%2C%20obviously%20that's%20not%20ideal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-294348%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Andrew Colombino
Occasional Contributor

A little background: our organization uses ADFS for SSO with Office 365; naturally, we sync our AD to Azure AD to make that work. We do not sync passwords with Azure. We need ADFS for Dynamics on-premises, so for now we're still using it.

 

As I go to configure third-party SaaS applications (ex. Zoom, Adobe, etc.), I have seen that they have documentation to configure SSO with Azure AD (i.e., enterprise application gallery) or to configure it with ADFS.

 

My questions are:

  1. Is it possible to configure these third-party services to use Azure AD for SSO? (Would Azure AD just turn around and authenticate with ADFS?)
  2. If so, what are the potential pros/cons for this configuration?

If in the future we decide we no longer need ADFS and want to migrate towards a more Azure-centric configuration, my thoughts are that it would be easier if these SaaS apps are already in Azure AD. Plus, they can take advantage of things like MFA, Conditional Access, etc. right away.

 

If users will potentially see multiple login prompts, obviously that's not ideal.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies