Forum Discussion
Azure AD - ADFS accounts without synchronization
Hi, you will need Azure AD Connect in order for this to work and have the users visible in Azure AD. Check out - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-whatis
The AADC server does not have to be on the same server as AD FS though.
- zielonywojo, Dec 29, 2020, Copper Contributor
PeterRising, so if I got that right, I may install and run Azure AD Connect on a different machine and use it only for account synchronization, correct? This sounds promising.
About user synchronization: I was kind of hoping it wouldn't be necessary to import all these users (around 5k in this particular case) into AAD. I'm a bit worried about that (it could be a nightmare in terms of management).
Thanks for the quick answer!
Regards
Tomasz
- PeterRising, Dec 29, 2020, MVP
Yep, that's right. AADC can be run on a different machine. You'd need to run a custom installation and choose the option of Federation with AD FS as shown below.
Question though - do you really need AD FS for O365? Could you not go for Password Hash Sync or Pass through authentication instead?
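The answer above describes choosing Federation with AD FS during a custom Azure AD Connect installation. The following PowerShell is an added example, not code from the thread or from Microsoft's documentation, showing how an administrator can verify the result afterwards: which verified domains are federated versus managed (Password Hash Sync or Pass-through Authentication), where a federated domain's sign-in is actually delegated to, and whether the AADC sync scheduler on the connector server is running. It assumes the Microsoft Graph PowerShell SDK is installed, that the account used holds the Domain.Read.All permission, and that the ADSync module is present on the Azure AD Connect server; the domain names and URLs in the comments are placeholders.

```powershell
# Added verification example (assumed modules: Microsoft.Graph, ADSync).
# Part 1 runs from any admin workstation; Part 2 runs on the AADC server.

# --- Part 1: which domains are federated, and to which AD FS issuer? ---
Connect-MgGraph -Scopes "Domain.Read.All"

$domains = Get-MgDomain | Where-Object { $_.IsVerified }

foreach ($d in $domains) {
    # AuthenticationType is "Managed" (PHS / PTA) or "Federated" (AD FS).
    Write-Host ("{0,-40} {1}" -f $d.Id, $d.AuthenticationType)

    if ($d.AuthenticationType -eq "Federated") {
        # Federation settings tell you exactly where Azure AD redirects
        # sign-ins for this domain. A defender wants the IssuerUri and
        # PassiveSignInUri to match the one master AD FS farm described in
        # the thread; anything else is worth an investigation.
        $fed = Get-MgDomainFederationConfiguration -DomainId $d.Id
        foreach ($f in $fed) {
            Write-Host ("    IssuerUri        : {0}" -f $f.IssuerUri)
            Write-Host ("    PassiveSignInUri : {0}" -f $f.PassiveSignInUri)
            Write-Host ("    SignOutUri       : {0}" -f $f.SignOutUri)
            # The signing certificate is what Azure AD trusts for tokens
            # from this domain; record its thumbprint for change monitoring.
            if ($f.SigningCertificate) {
                $bytes = [Convert]::FromBase64String($f.SigningCertificate)
                $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
                Write-Host ("    Signing cert     : {0} (expires {1})" -f $cert.Thumbprint, $cert.NotAfter)
            }
        }
    }
}

Disconnect-MgGraph

# --- Part 2 (run on the Azure AD Connect server): is sync actually running? ---
# Import-Module ADSync
# $sched = Get-ADSyncScheduler
# if (-not $sched.SyncCycleEnabled) {
#     Write-Warning "Sync cycle is disabled; new or removed on-prem accounts will not reach Azure AD."
# }
# Write-Host ("Next sync cycle (UTC): {0}" -f $sched.NextSyncCycleStartTimeInUTC)
# Write-Host ("Effective interval   : {0}" -f $sched.CurrentlyEffectiveSyncCycleInterval)
```

Keeping a baseline of the IssuerUri, PassiveSignInUri and signing-certificate thumbprint for each federated domain, and re-running Part 1 on a schedule, is a cheap way to notice if a domain's federation target or trusted certificate changes unexpectedly. Part 2 addresses the concern raised earlier in the thread that the AADC server is separate from AD FS: the scheduler output confirms that account synchronization is still happening on that box.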
- zielonywojo, Dec 29, 2020, Copper Contributor
The scenario here is that we have many users in multiple external on-premises ADs. These on-premises ADs are gathered together in one master AD FS server, and this is actually the only option from my point of view. The goal is to make it possible for these users to log in to our App Service web app, which we host in Azure. The requirement is to have SSO for these users, so they can reuse their domain accounts.
Regards
Tomasz