Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

seamless SSO

Iron Contributor


we want to use pass through authentication. I can set it up with AD connect and it runs. For a better user experience, I use the mail (attribute in on premise AD) to authenticate in O365 (azure AD).

I also set up seamless SSO but I don’t work. The group policy is set up with the login domains in Intranet Zone ( and

But seamless SSO is not working. What I can do to bring seamless SSO to work?






3 Replies

Afaik AlternateID is supported with both PTA/SSO. But not all O365 apps work correctly with it, review the list here:

Thanks for your information.


PTA works fine. But seamless doesn’t work. The Kerberos ticket is right.

But the AD attribute “servicePrincipalName” from the sync account is empty, so I think the Kerberos SPN is not correct.


What can I do to correct it?




I have question about AlternateID. Can we use it for PHS/SSO. Our customer has problem with SSO. We have tried all suggestions in MS sites describe:
but it didn´t help. I am wondering if I can advise this solution (AlternateID) to the customer. Thx for advise.