How can I achieve seamless SSO?

Valued Contributor

Sometime last year I achieved seamless SSO in our corporate environment with the following tools:


  • Windows 10 Clients
    • IE11 (by adding some URLs to the intranet/trusted zones)
    • Chrome (with some trickery on ADFS to get this working)
    • and generally adding the whr parameter to bookmarks deployed via GPO
  • Azure AD Connect
  • ADFS onPrem with 2012 R2 (domain is generally on 2012 R2 level)


but with the latest changes over last couple of months, this setup stopped working. I need some guidance as I no longer know what the absolute best way to deploy seamless SSO is. These are the tools at my disposal:


  • Windows 10 v1709 onPrem domain joined/AAD hybrid joined devices
  • (I'd like it work with all 3 browsers preferably) 
    • Chrome
    • Edge
    • IE11
  • Proper setup UPN for all users
  • MFA active on all users
    • except for onPrem IP-Range
  • Windows Server 2012 R2 onPrem
    • if 2016 is a requirement for this, I'll happily upgrade somehow
  • Azure AD Connect
  • SCCM (latest), incl. Hybrid AAD Joined Devices - but Windows 10 is mostly managed by SCCM and not Intune.


I have no requirement for authentication to happen onPrem, I just did it because it allowed for true SSO back then.

I basically NEVER want an authentication prompt, neither username or password, within my corporate environment. As in, a freshly deployed machine with a brand new user account automatically signs into on the very first try, no fuss ;)


Please tell me this is still somehow possibly.

1 Reply

Hello Ivan,

There are two ways to have seamless SSO with Azure AD:- 

1)- Pass-though Seamless SSO.

2)-Password Sync Seamless SSO.


Recently watched a video that has explained everything briefly and this might help you as well.



This video is for the understanding of Pass through authentication with seamless SSO.Please click on the below mentioned link to check more details as per Mi...