Apr 15 2018
- last edited on
Jan 14 2022
we want to use pass through authentication. I can set it up with AD connect and it runs. For a better user experience, I use the mail (attribute in on premise AD) to authenticate in O365 (azure AD).
I also set up seamless SSO but I don’t work. The group policy is set up with the login domains in Intranet Zone (https://autologon.microsoftazuread-sso.com andhttps://aadg.windows.net.nsatc.net).
But seamless SSO is not working. What I can do to bring seamless SSO to work?
Apr 15 2018 10:53 AM
Afaik AlternateID is supported with both PTA/SSO. But not all O365 apps work correctly with it, review the list here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-logi...
Apr 15 2018 01:51 PM
Thanks for your information.
PTA works fine. But seamless doesn’t work. The Kerberos ticket is right.
But the AD attribute “servicePrincipalName” from the sync account is empty, so I think the Kerberos SPN is not correct.
What can I do to correct it?
Sep 20 2021 12:00 AM