Mar 22 2018 11:35 AM
Hi all,
In our environment we configured mail=UPN and we are using UPN as a user logon to Azure/O365. Is it possible to configure a Windows workstation to connect to Office 365 sites using IE with pass-through (without typing the mail/UPN)?
Thank you in advance for your help.
Regards
Mar 22 2018 01:33 PM
Hi Pop,
You will need to implement ADFS to reach your goal.
Read more here - https://blogs.technet.microsoft.com/rmilne/2017/04/28/how-to-install-ad-fs-2016-for-office-365/
Mar 22 2018 01:50 PM - edited Mar 22 2018 01:52 PM
I do not use ADFS and do not have to input my login for Web access. I am using ADSync with SSO. If you set up your Group Policy correctly with the proper sites, etc., and then set up a 365 work account and/or do Hybrid Domain Join, you do not need to log in.
Here is the article I used to set up Seamless Sign On, and it works quite well. https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso
Mar 22 2018 02:37 PM
Hi Christopher,
It's also an option, but it depends on the requirements. Some customers will always use ADFS because of privacy of passwords and access services.
Mar 22 2018 02:47 PM
Mar 23 2018 12:47 AM
PTA can work with AlternateId (using any attribute other than UPN), and so does AAD Connect SSO, so AD FS is not mandatory unless you have some very specific requirements. Now, if you need true "seamless" SSO, in all cases you will also have to configure some form of smart links, for any/all applications that do not send domain_hint information as part of the auth flow. Otherwise you will still have to enter the UPN (mail) of the user before SSO happens.
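
Added example, not part of any post in this thread: a small audit of application sign-in URLs for the hint parameters that let Azure AD skip the username prompt (domain_hint for OpenID Connect, whr for SAML/WS-Federation, login_hint for a named user), with a suggested smart link for each URL that lacks one. The sample URLs, the domain contoso.com and the function names are constructed for illustration, and every URL is assumed to be an Azure AD sign-in request.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameters that identify the tenant or user up front, so the sign-in page
# does not have to ask for the UPN before Seamless SSO can happen.
HINT_PARAMS = ("domain_hint", "whr", "login_hint")

# Constructed sample sign-in URLs (placeholder client_id, example domain).
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code&scope=openid",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&scope=openid&domain_hint=contoso.com",
    "https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=contoso.com",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&domain_hint=",
]

def hint_in(url):
    """Return the first non-empty hint parameter name in the URL, or None."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return next((name for name in HINT_PARAMS if query.get(name)), None)

def with_domain_hint(url, domain):
    """Return the URL with domain_hint set to `domain` (replacing an empty one)."""
    parts = urlsplit(url)
    pairs = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "domain_hint"]
    pairs.append(("domain_hint", domain))
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def audit(urls, domain):
    """Flag URLs that will still prompt for the UPN and suggest a smart link."""
    report = []
    for url in urls:
        found = hint_in(url)
        report.append({
            "url": url,
            "hint": found,
            "prompts_for_upn": found is None,
            "suggested": None if found else with_domain_hint(url, domain),
        })
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_URLS, "contoso.com"):
        print(row["prompts_for_upn"], row["hint"], row["suggested"] or row["url"])
```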