yavordanev
Re: Hybrid Azure AD Join (with ADFS present) question about SCP
JeremyTBradshaw I agree it's somewhat convoluted and I can't answer all of your questions, but in terms of the authentication service, this is my understanding. Think of how a user authenticates when logging into a laptop, let's say: is it against a domain controller or Azure AD? Since we're talking about Hybrid Azure AD Join, Azure AD Connect, etc., I'm assuming in your case it's the first and you're dealing with a federated domain, so the authentication service would be your ADFS server.

Similarly, when you log into portal.office.com or portal.azure.com etc. and enter myname@myfederateddomain.xyz, Microsoft will recognize the domain is federated and send you to your ADFS server to enter your credentials. If you were logging in as myname@mycompany.onmicrosoft.com, then authentication would happen on Microsoft's end in Azure AD, and that would be your authentication service.

As to Seamless SSO in the context of Hybrid Azure AD Join and Windows 10, please note this bit from the docs: "For Windows 10, Windows Server 2016 and later versions, it's recommended to use SSO via primary refresh token (PRT). Seamless SSO needs the user's device to be domain-joined, but it is not used on Windows 10 Azure AD joined devices or hybrid Azure AD joined devices. SSO on Azure AD joined, Hybrid Azure AD joined, and Azure AD registered devices works based on the Primary Refresh Token (PRT)." https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso