{"id":7100,"date":"2016-12-12T08:40:28","date_gmt":"2016-12-12T14:40:28","guid":{"rendered":"http:\/\/www.highclouder.com\/?p=7100"},"modified":"2024-05-21T14:49:52","modified_gmt":"2024-05-21T14:49:52","slug":"azure-ad-pass-authentication-seamless-single-sign","status":"publish","type":"post","link":"https:\/\/www.highclouder.com\/?p=7100","title":{"rendered":"Azure AD Pass-Through Authentication and Seamless Single Sign-on"},"content":{"rendered":"<p>I hope there is no need to explain what &#8220;Azure AD Connect&#8221; is :). Like it or not, all organisations that want to work with Office 365 \/ Azure will probably start with a hybrid configuration in which existing on-premises Active Directory objects (and in some cases passwords) sync to Azure AD using Azure AD Connect.<\/p>\n<p>Recently Microsoft released Azure AD Connect build 1.1.377.0, which introduced &#8220;Azure Pass-Through Authentication&#8221; (currently in public preview). Azure Pass-Through Authentication aims to provide the following features:<!--more--><\/p>\n<ul>\n<li>SSO capabilities with passwords that are managed on-premises<\/li>\n<li>Does not increase the on-prem IT footprint like AD FS does<\/li>\n<li>Eliminates requirements for unauthenticated endpoints on the Internet<\/li>\n<li>Super simple to implement<\/li>\n<\/ul>\n<h2>So, what is Pass-Through Authentication and how does it work?<\/h2>\n<p>Azure Pass-Through Authentication routes authentication requests from Office 365 through a simple connector deployed on-premises to our on-prem Active Directory. 
The connector uses only secure outbound communications, so no DMZ or Internet-facing endpoint is required.<\/p>\n<p>Pass-through Authentication uses Kerberos authentication between the on-prem connector and AD, so it offers a true SSO experience for users on domain-joined computers.<\/p>\n<p><a href=\"http:\/\/dev.highclouder.com\/wp-content\/uploads\/2016\/12\/Azure-AD-Pass-Through-Authentication-e1481496753391.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/dev.highclouder.com\/wp-content\/uploads\/2016\/12\/Azure-AD-Pass-Through-Authentication-e1481496753391.png\" alt=\"\" width=\"760\" height=\"536\" class=\"aligncenter size-full wp-image-7101\" srcset=\"https:\/\/www.highclouder.com\/wp-content\/uploads\/2016\/12\/Azure-AD-Pass-Through-Authentication-e1481496753391.png 760w, https:\/\/www.highclouder.com\/wp-content\/uploads\/2016\/12\/Azure-AD-Pass-Through-Authentication-e1481496753391-300x212.png 300w\" sizes=\"auto, (max-width: 760px) 100vw, 760px\" \/><\/a><br \/>\n<center><strong>Note<\/strong>: <em>SSO can be enabled by clicking the &#8220;Enable single sign on&#8221; check box.<\/em><\/center><\/p>\n<p>If you want to install Azure Pass-Through Authentication manually, the installer is located at<\/p>\n<pre>C:\\Program Files\\Microsoft Azure Active Directory Connect\\SetupFiles\\AADApplicationProxyConnectorInstaller.exe<\/pre>\n<p>on the same server where AAD Connect is installed.<\/p>\n<h2>What to remember about Azure Pass-Through Authentication<\/h2>\n<p><strong>Azure Pass-Through Authentication only works with Office 365<\/strong>. 
If our organisation requires an authentication solution that also works with other claims-based cloud applications like Okta, AWS, Salesforce, etc., we&#8217;ll need to use a claims-based solution like ADFS!<\/p>\n<p>P.S.<br \/>\nDownload the latest version of Azure AD Connect from <a href=\"http:\/\/aka.ms\/aadconnect\">http:\/\/aka.ms\/aadconnect<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I hope there is no need to explain what &#8220;Azure AD Connect&#8221; is :). Like it or not, all organisations that want to work with Office 365 \/ Azure will probably start with a hybrid configuration in which existing on-premises Active Directory objects (and in some cases passwords) sync to Azure AD using Azure [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7087,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[61,62,68],"class_list":["post-7100","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-aadc","tag-azure-ad-connect","tag-pass-through-authentication"],"_links":{"self":[{"href":"https:\/\/www.highclouder.com\/index.php?rest_route=\/wp\/v2\/posts\/7100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.highclouder.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.highclouder.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.highclouder.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.highclouder.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7100"}],"version-history":[{"count":1,"href":"https:\/\/www.highclouder.com\/index.php?rest_route=\/wp\/v2\/posts\/7100\/revisions"}],"predecessor-version":[{"id":7220,"href":"https:\/\/www.highclouder.com\/index.php?rest_route=\/wp\/v2\/posts\/7100\/revisions\/7220"}],"wp:featured
media":[{"embeddable":true,"href":"https:\/\/www.highclouder.com\/index.php?rest_route=\/wp\/v2\/media\/7087"}],"wp:attachment":[{"href":"https:\/\/www.highclouder.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.highclouder.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.highclouder.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}