Mar 05 2020 - last edited on Jul 24 2020
We have a customer who has a synchronized AD. They use ADFS for authentication and SSO, but SSO does not seem to work smoothly.
My guess is that the employees think SSO is working in some cases, because they have saved cookies or have active tokens. When I want to recreate the issue with a simple call of portal.office.com I'm always redirected to the ADFS Site URL and I have to enter the password.
I checked the account information on the Windows 10 device and I cannot see an added work account.
Shouldn't the Office 365 work account automatically be added here?
So what is missing here?
Mar 05 2020 08:17 AM
Just using AAD Connect/AD FS on their own does not automatically add "work accounts". And for SSO - the redirect to AD FS is the expected behavior - if you want a truly seamless experience, you need to use "smart links" or similar functionality and make sure that Windows Integrated Auth is used.
Mar 05 2020 01:10 PM
@Vasil Michev I compared with a different customer who utilizes ADFS with AAD Connect and nothing else (as far as I know) and new users will have their work account added immediately.
Would it be possible and useful to combine ADFS with Seamless SSO?
Mar 05 2020 11:24 PM
It's not about using something else, but additional configuration: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domain...