cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pass-through authentication is now available in Preview

Vasil Michev
MVP

‎Dec 07 2016 11:20 AM - last edited on ‎Jan 14 2022 03:44 PM by

‎Dec 07 2016 11:20 AM - last edited on ‎Jan 14 2022 03:44 PM by

Pass-through authentication is now available in Preview

"The replacement" of AD FS, at least for some scenarios, which offers the same seamless SSO experience without requiring AD FS or any (major) changes to the on-prem infrastructure is now available for testing via Preview.

 

Full news here: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-a...

 

Documentation is here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-aut...

 

And more details are available in the Ignite session recording: https://www.youtube.com/watch?v=prOivxVbv9U

1,657 Views
2 Likes
3 Replies
Reply
3 Replies
Peter Samuelsson

‎Dec 07 2016 12:39 PM

‎Dec 07 2016 12:39 PM

Re: Pass-through authentication is now available in Preview

I can see the value for this.

But now we are going to have three ways of authentication in azure.

Currently we have AADconnect with password hash sync and password writeback enabled. We also have ADFS installed but not configured from AADConnect.

 

How does Pass-Through authentication fit in? Can we have all three? If you can, how is the authentication route choosen?

 

In Pass-Through authentication if there is no connection to the on-prem enviroment will the user still be able to logon or will it fail?

0 Likes
Reply
Vasil Michev

‎Dec 07 2016 11:30 PM

‎Dec 07 2016 11:30 PM

Re: Pass-through authentication is now available in Preview

If there's no connection to on-prem auth will fail, same if the AADConnect server is down. That's why it's recommended to have the connector installed on another machine as well. And for fallback, you can use password sync.

 

As for fitting in, it really depends on your requirements. Most organizations want to use the same set of credentials and have seamless SSO - with PTA they can now have it without requiring AD FS. But if you do anything with claims rules or similar, you'll probably have to stick with AD FS (plus, AD FS is used for more than just O365).

0 Likes
Reply
Liz Braun

‎Mar 08 2017 01:49 PM

‎Mar 08 2017 01:49 PM

Re: Pass-through authentication is now available in Preview

@Vasil Michev wrote:

"The replacement" of AD FS, at least for some scenarios, which offers the same seamless SSO experience without requiring AD FS or any (major) changes to the on-prem infrastructure is now available for testing via Preview.

 

Full news here: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-a...

 

Documentation is here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-aut...

 

And more details are available in the Ignite session recording: https://www.youtube.com/watch?v=prOivxVbv9U

Awesome! Excited and hopeful this resolves the issue for us :)

0 Likes
Reply