Forum Discussion
seamless SSO
Hallo,
we want to use pass through authentication. I can set it up with AD connect and it runs. For a better user experience, I use the mail (attribute in on premise AD) to authenticate in O365 (azure AD).
I also set up seamless SSO but I don’t work. The group policy is set up with the login domains in Intranet Zone (https://autologon.microsoftazuread-sso.com andhttps://aadg.windows.net.nsatc.net).
But seamless SSO is not working. What I can do to bring seamless SSO to work?
Regards
Stefan
3 Replies
Afaik AlternateID is supported with both PTA/SSO. But not all O365 apps work correctly with it, review the list here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id
- I have question about AlternateID. Can we use it for PHS/SSO. Our customer has problem with SSO. We have tried all suggestions in MS sites describe:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso
but it didn´t help. I am wondering if I can advise this solution (AlternateID) to the customer. Thx for advise. Thanks for your information.
PTA works fine. But seamless doesn’t work. The Kerberos ticket is right.
But the AD attribute “servicePrincipalName” from the sync account is empty, so I think the Kerberos SPN is not correct.
What can I do to correct it?
Regards
Stefan
