Home

Can we use Azure AD for SSO for SaaS applications if we already use ADFS for SSO to Azure/O365?

%3CLINGO-SUB%20id%3D%22lingo-sub-294348%22%20slang%3D%22en-US%22%3ECan%20we%20use%20Azure%20AD%20for%20SSO%20for%20SaaS%20applications%20if%20we%20already%20use%20ADFS%20for%20SSO%20to%20Azure%2FO365%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-294348%22%20slang%3D%22en-US%22%3E%3CP%3EA%20little%20background%3A%20our%20organization%20uses%20ADFS%20for%20SSO%20with%20Office%20365%3B%20naturally%2C%20we%20sync%20our%20AD%20to%20Azure%20AD%20to%20make%20that%20work.%20We%20do%20not%20sync%20passwords%20with%20Azure.%20We%20need%20ADFS%20for%20Dynamics%20on-premises%2C%20so%20for%20now%20we're%20still%20using%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20I%20go%20to%20configure%20third-party%20SaaS%20applications%20(ex.%20Zoom%2C%20Adobe%2C%20etc.)%2C%20I%20have%20seen%20that%20they%20have%20documentation%20to%20configure%20SSO%20with%20Azure%20AD%20(i.e.%2C%20enterprise%20application%20gallery)%20or%20to%20configure%20it%20with%20ADFS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20questions%20are%3A%3C%2FP%3E%3COL%3E%3CLI%3EIs%20it%20possible%20to%20configure%20these%20third-party%20services%20to%20use%20Azure%20AD%20for%20SSO%3F%20(Would%20Azure%20AD%20just%20turn%20around%20and%20authenticate%20with%20ADFS%3F)%3C%2FLI%3E%3CLI%3EIf%20so%2C%20what%20are%20the%20potential%20pros%2Fcons%20for%26nbsp%3Bthis%20configuration%3F%3C%2FLI%3E%3C%2FOL%3E%3CP%3EIf%20in%20the%20future%20we%20decide%20we%20no%20longer%20need%20ADFS%20and%20want%20to%20migrate%20towards%20a%20more%20Azure-centric%20configuration%2C%20my%20thoughts%20are%20that%20it%20would%20be%26nbsp%3Beasier%20if%20these%20SaaS%20apps%20are%20already%20in%20Azure%20AD.%20Plus%2C%20they%20can%20take%20advantage%20of%20things%20like%20MFA%2C%20Conditional%20Access%2C%20etc.%20right%20away.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20users%20will%20potentially%20see%20multiple%20login%20prompts%2C%20obviously%20that's%20not%20ideal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-294348%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

A little background: our organization uses ADFS for SSO with Office 365; naturally, we sync our AD to Azure AD to make that work. We do not sync passwords with Azure. We need ADFS for Dynamics on-premises, so for now we're still using it.

 

As I go to configure third-party SaaS applications (ex. Zoom, Adobe, etc.), I have seen that they have documentation to configure SSO with Azure AD (i.e., enterprise application gallery) or to configure it with ADFS.

 

My questions are:

  1. Is it possible to configure these third-party services to use Azure AD for SSO? (Would Azure AD just turn around and authenticate with ADFS?)
  2. If so, what are the potential pros/cons for this configuration?

If in the future we decide we no longer need ADFS and want to migrate towards a more Azure-centric configuration, my thoughts are that it would be easier if these SaaS apps are already in Azure AD. Plus, they can take advantage of things like MFA, Conditional Access, etc. right away.

 

If users will potentially see multiple login prompts, obviously that's not ideal.

Related Conversations
PDF generation in Azure App Service
Ryan Stone in Azure on
0 Replies
Notify when App Service isn't available
meStupid in Azure on
1 Replies
NYC, NJ or PA Developer Opportunity
chpalmer in Azure on
0 Replies