
SSO in Office 365 ProPlus on Citrix VDA/RDS - Sign in Prompt


Trying to get some understanding of what's considered normal behavior for SSO in Office 365 apps on RDS/Citrix VDA (shared environment).

Azure AD Connect - Password Hash Sync - SSO Enabled


I thought with SSO enabled it would allow seamless integration so that when a user logs onto a computer, they are automatically signed into Office365.  However this does not seem to be the case, users are occasionally prompted to Sign In for Activation.  Is this normal behavior with SSO Enabled?


I've also followed instructions for shared computer activation configuration.

But that article suggests using SSO.  I've enabled SSO via these instructions:


Does anyone have any suggestions? Curious whether Pass-Thru Authentication should be used rather than Password Hash Sync; however, both can enable SSO.




4 Replies

@damianmark I have the same question, have you got the chance to get an answer anywhere?



I have the same setup and saw the same problem.

I used the article but it doesn't solve my problem.


First of all I disabled MFA in Azure AD for this tenant.  I think it's contradictory to have SSO but enforce the use of MFA.  Keep in mind, my customers are very small companies and don't have Azure AD Premium or E3/E5.

Because of this limitation, we cannot use trusted IPs to disable MFA only for the XenApp servers.


This is my problem:

When using seamless mode, Office 365 always asks to log in and the activation isn't stored.

The workaround is to log in in full screen and activate, but after a while (30-day token), the login screen reappears.


I created a support ticket at Citrix (Citrix - 80222815) and they told me to add an additional registry key:

  • HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
  • Name = DisableAADWAM
  • Type = REG_DWORD
  • Value = 1

So SSO was working already (you can test this by

After this change Office 365 was able to activate and the token is updated at %localappdata%\microsoft\office\16.0\licensing


Because I don't understand the change in the registry (what I'm doing exactly) I created a case with Microsoft (Case 23508770).

I got 9 engineers in a period of 2 months but nobody understands seamless mode.  Most of them were thinking I'm using Office web apps because they were confused by logging in with NetScaler/StoreFront.

After 2 months Microsoft concluded that this was a Citrix-only problem and that the 2 registry keys (article + additional) may not be modified because this will disable modern authentication.


Therefore I replied today to the solution of Citrix that their solution isn't supported by Microsoft.

I also asked that Citrix take this problem to Microsoft because they have a great relationship.


Today I use the Citrix solution that isn't supported.


Within 30 days I will know if it is still working.

(When I remove the identity key in the registry and remove the tokens, it seems to work.)




Roel Niesen
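
An added example, not part of the original post and not Citrix or Microsoft guidance: a read-only PowerShell audit for a session host that reports, for each logged-on user, whether the `DisableAADWAM` value from the post is set and how old the newest file in that user's Office licensing folder is. It assumes an elevated prompt, that user hives are loaded under `HKEY_USERS`, and that `%localappdata%` is the default `AppData\Local` under each profile.

```powershell
# Added example (read-only audit); run elevated on the RDS/Citrix session host.
# Registry path and value name are taken from the post above.
$identitySubKey = 'Software\Microsoft\Office\16.0\Common\Identity'
$profileList    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Loaded user hives appear under HKEY_USERS as S-1-5-21-...; the regex skips *_Classes.
$report = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid   = $_.PSChildName
        $idKey = "Registry::HKEY_USERS\$sid\$identitySubKey"

        # $null when the key or the value does not exist for this user.
        $wam = (Get-ItemProperty -Path $idKey -Name 'DisableAADWAM' `
                    -ErrorAction SilentlyContinue).DisableAADWAM

        # Map the SID to its profile folder to find the licensing tokens.
        $profilePath = (Get-ItemProperty -Path "$profileList\$sid" `
                            -ErrorAction SilentlyContinue).ProfileImagePath
        $newest = $null
        if ($profilePath) {
            # Assumption: %localappdata% is the default AppData\Local location.
            $licDir = Join-Path $profilePath 'AppData\Local\Microsoft\Office\16.0\Licensing'
            if (Test-Path -LiteralPath $licDir) {
                $newest = Get-ChildItem -LiteralPath $licDir -File -Recurse `
                              -ErrorAction SilentlyContinue |
                          Sort-Object LastWriteTime -Descending |
                          Select-Object -First 1
            }
        }

        [pscustomobject]@{
            Sid           = $sid
            Profile       = $profilePath
            DisableAADWAM = if ($null -eq $wam) { 'not set' } else { $wam }
            NewestToken   = if ($newest) { $newest.LastWriteTime } else { 'none found' }
            TokenAgeDays  = if ($newest) {
                                [int]((Get-Date) - $newest.LastWriteTime).TotalDays
                            } else { $null }
        }
    }

$report | Format-Table -AutoSize
```

Users whose `DisableAADWAM` shows `1` are running with the setting the post says Microsoft does not support.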









Do you have any news from MS or Citrix on this problem?

I have exactly the same problem, for a client...

SSO does not work in published applications, but works fine in published desktops.

And we don't want to disable modern auth.

Thanks for your reply!


Have you got any word back from Citrix or Microsoft?