How can I achieve seamless SSO?

Bronze Contributor

Sometime last year I achieved seamless SSO in our corporate environment with the following tools:

 

  • Windows 10 Clients
    • IE11 (by adding some URLs to the intranet/trusted zones)
    • Chrome (with some trickery on ADFS to get this working)
    • and generally adding the whr parameter to bookmarks deployed via GPO
  • Azure AD Connect
  • ADFS onPrem with 2012 R2 (domain is generally on 2012 R2 level)

 

but with the latest changes over last couple of months, this setup stopped working. I need some guidance as I no longer know what the absolute best way to deploy seamless SSO is. These are the tools at my disposal:

 

  • Windows 10 v1709 onPrem domain joined/AAD hybrid joined devices
  • (I'd like it work with all 3 browsers preferably) 
    • Chrome
    • Edge
    • IE11
  • Proper setup UPN for all users
  • MFA active on all users
    • except for onPrem IP-Range
  • Windows Server 2012 R2 onPrem
    • if 2016 is a requirement for this, I'll happily upgrade somehow
  • Azure AD Connect
  • SCCM (latest), incl. Hybrid AAD Joined Devices - but Windows 10 is mostly managed by SCCM and not Intune.

 

I have no requirement for authentication to happen onPrem, I just did it because it allowed for true SSO back then.

I basically NEVER want an authentication prompt, neither username or password, within my corporate environment. As in, a freshly deployed machine with a brand new user account automatically signs into www.office.com on the very first try, no fuss 😉

 

Please tell me this is still somehow possibly.

1 Reply

Hello Ivan,

There are two ways to have seamless SSO with Azure AD:- 

1)- Pass-though Seamless SSO.

2)-Password Sync Seamless SSO.

 

Recently watched a video that has explained everything briefly and this might help you as well.

https://www.youtube.com/watch?v=kRPExiS4EwI&t=14s