seamless SSO


Hello,

we want to use pass-through authentication. I can set it up with AD Connect and it runs. For a better user experience, I use the mail (attribute in on-premises AD) to authenticate in O365 (Azure AD).

I also set up seamless SSO but it doesn’t work. The group policy is set up with the login domains in Intranet Zone (https://autologon.microsoftazuread-sso.com and https://aadg.windows.net.nsatc.net).

But seamless SSO is not working. What can I do to get seamless SSO to work?

Regards

Stefan

2 Replies

Afaik AlternateID is supported with both PTA/SSO. But not all O365 apps work correctly with it, review the list here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-logi...

Thanks for your information.

PTA works fine. But seamless doesn’t work. The Kerberos ticket is right.

But the AD attribute “servicePrincipalName” from the sync account is empty, so I think the Kerberos SPN is not correct.

What can I do to correct it?

Regards

Stefan
