Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Creating cloud only users and hybrid users with SSO

Brass Contributor
We want to create Employee users as hybrid users and students users as cloud only users. Currently we are using password hash synchronization.
Employee users are hybrid users.
If we want to have SSO or want to go with ADFS, will it cause problem to have different types of users as cloud only users and hybrid or federated users.
Please advise.

Thanks and Regards,
6 Replies

With Password hash sync with seamless single sign-on it works fine to have both. I can't speak for ADFS or passthrough auth sso. But if you setup using the standard Password hash sync with seamless single sign-on option. It'll work fine with both Hybrid and Cloud users using your logins with same login domain with both synced and cloud only users.

Well, if the accounts are "cloud-only", as in no corresponding object exist in your on-premises AD, there is no way to use password sync, PTA, or AD FS for those. Instead management and authentication will be done completely against O365, including passwords.

I have one more question.
While using Azure AD connect for SSO or ADFS, can we use group filtering so that few users which we don't want to be on Azure AD and to be kept only on Local AD, can not be selected for synchronization or SSO.
Please advise.
Yes. Our filtering is an option while setting up and I recommend it. I filter things like service accounts and other things by not choosing the OUs they exist in.