Can we use Azure AD for SSO for SaaS applications if we already use ADFS for SSO to Azure/O365?

Andrew Colombino
Occasional Contributor

A little background: our organization uses ADFS for SSO with Office 365; naturally, we sync our AD to Azure AD to make that work. We do not sync passwords with Azure. We need ADFS for Dynamics on-premises, so for now we're still using it.

As I go to configure third-party SaaS applications (ex. Zoom, Adobe, etc.), I have seen that they have documentation to configure SSO with Azure AD (i.e., enterprise application gallery) or to configure it with ADFS.

My questions are:

  1. Is it possible to configure these third-party services to use Azure AD for SSO? (Would Azure AD just turn around and authenticate with ADFS?)
  2. If so, what are the potential pros/cons for this configuration?

If in the future we decide we no longer need ADFS and want to migrate towards a more Azure-centric configuration, my thoughts are that it would be easier if these SaaS apps are already in Azure AD. Plus, they can take advantage of things like MFA, Conditional Access, etc. right away.

If users will potentially see multiple login prompts, obviously that's not ideal.
