Cloud Auth - Mix PTA and PHS

%3CLINGO-SUB%20id%3D%22lingo-sub-1931111%22%20slang%3D%22en-US%22%3ECloud%20Auth%20-%20Mix%20PTA%20and%20PHS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1931111%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20mix%20between%20managed%20and%20federated%20AUTH%20for%20different%20domains%20within%20same%20tenant.%3C%2FP%3E%3CP%3EIs%20it%20it%20even%20possible%20todo%20the%20same%20with%20PTA%20and%20PHS%20for%20different%20domains%20within%20same%20tenant.%3C%2FP%3E%3CP%3EEx.%20users%20with%20%40domain1.net%20will%20use%20PTA%20and%20users%20with%20%40domain2.net%20will%20use%20PHS%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECant%20find%20any%20direct%20statement%20about%20it%20in%20any%20documentation%20but%20the%20setting%20is%20global%20when%20configured%20within%20AD%20Connect%20which%20indicates%20its%20a%20tenant%20wide%20setting%20like%20domains%20that%20are%20Managed%20will%20either%20use%20PTA%20or%20PHS%20within%20same%20tenant.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1931111%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1931519%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud%20Auth%20-%20Mix%20PTA%20and%20PHS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1931519%22%20slang%3D%22en-US%22%3E%3CP%3ESince%20the%20only%20supported%20way%20to%20configure%20those%20is%20via%20AAD%20Connect%2C%20which%20only%20allows%20you%20to%20do%20it%20on%20per-tenant%20level%2C%20afaik%20it's%20not%20possible.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

You can mix between managed and federated AUTH for different domains within same tenant.

Is it it even possible todo the same with PTA and PHS for different domains within same tenant.

Ex. users with @domain1.net will use PTA and users with @domain2.net will use PHS

 

Cant find any direct statement about it in any documentation but the setting is global when configured within AD Connect which indicates its a tenant wide setting like domains that are Managed will either use PTA or PHS within same tenant.

2 Replies

Since the only supported way to configure those is via AAD Connect, which only allows you to do it on per-tenant level, afaik it's not possible.

Thanks Vasil!