Microsoft Tech Community

seamless SSO

Hello,

We want to use pass-through authentication. I can set it up with AD Connect and it runs. For a better user experience, I use the mail attribute (in on-premises AD) to authenticate in O365 (Azure AD).

I also set up seamless SSO, but it doesn't work. The group policy is set up with the login domains in the Intranet Zone (https://autologon.microsoftazuread-sso.com and https://aadg.windows.net.nsatc.net).

But seamless SSO is not working. What can I do to get seamless SSO to work?

Regards

Stefan

3 Replies

AFAIK, AlternateID is supported with both PTA/SSO. But not all O365 apps work correctly with it; review the list here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-logi...

Thanks for your information.

PTA works fine. But seamless doesn’t work. The Kerberos ticket is right.

But the AD attribute “servicePrincipalName” from the sync account is empty, so I think the Kerberos SPN is not correct.

What can I do to correct it?

Regards

Stefan
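
The checks discussed in the posts above, collected as an added example (not part of the original thread, and not Microsoft's own script). It assumes the two URLs were deployed through the "Site to Zone Assignment List" policy, that the RSAT ActiveDirectory module is available, and it relies on the fact that Seamless SSO setup registers its Kerberos SPNs on the `AZUREADSSOACC` computer account in on-premises AD.

```powershell
# Added diagnostic sketch. Run steps 1 and 2 in the affected user's session on a
# domain-joined client; step 3 needs the RSAT ActiveDirectory module.
$ssoUrls = @(
    'https://autologon.microsoftazuread-sso.com',
    'https://aadg.windows.net.nsatc.net'
)

# 1. Site to Zone Assignment List: value name = URL, value data = zone number
#    (1 = Local Intranet). The policy can be applied per user or per machine.
$policyKeys = @(
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)
foreach ($url in $ssoUrls) {
    $zone = $policyKeys |
        Where-Object { Test-Path $_ } |
        ForEach-Object { (Get-Item -Path $_).GetValue($url) } |
        Where-Object { $null -ne $_ } |
        Select-Object -First 1
    if ($zone -eq '1') { "OK    $url is mapped to the Intranet zone" }
    else               { "CHECK $url is not mapped to zone 1 by policy (found: '$zone')" }
}

# 2. Ask the KDC for a service ticket for the Seamless SSO SPN. A failure here
#    points at the AD side (SPN or computer account), not at the browser zone.
klist get HTTP/autologon.microsoftazuread-sso.com

# 3. Inspect the computer account that carries the Seamless SSO SPNs.
Import-Module ActiveDirectory
$acc = Get-ADComputer -Filter "Name -eq 'AZUREADSSOACC'" -Properties servicePrincipalName
if (-not $acc) {
    'CHECK AZUREADSSOACC not found: Seamless SSO is not enabled for this forest'
} elseif (-not $acc.Enabled) {
    'CHECK AZUREADSSOACC exists but is disabled'
} elseif (-not $acc.servicePrincipalName) {
    'CHECK AZUREADSSOACC has no servicePrincipalName values'
} else {
    "OK    SPNs on AZUREADSSOACC: $($acc.servicePrincipalName -join '; ')"
}
```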

I have a question about AlternateID. Can we use it for PHS/SSO? Our customer has a problem with SSO. We have tried all the suggestions described on the MS site:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso
but it didn't help. I am wondering if I can advise this solution (AlternateID) to the customer. Thanks for the advice.