Azure Active Directory Connect makes Single Sign-On Easy SSO can be combined with either of the below two Sync options: Setting up this service is simple and easy, and done from the AAD Connect tool. Below are the steps that take you through this process<\/p>\n\n\n\n \u2022 Add the below 2 URLS into the Intranet Zone via GPO \u2022 Launch AAD Connect and click on the Change User Sign-in<\/p>\n\n\n Enter Global Administrator credentials The below screen you will be presented with 3 Options, you can use all of them to enable SSO. However, each of these methods has their own advantages:<\/p>\n\n\n\n \u2022 Password Synchronization<\/strong>: In this method, password hashes are synced with Azure AD. \u2022 Pass-Through Authentication<\/strong>: Like the first option, however, the password hashes are not synced with Azure AD. However, this method requires a lightweight agent to be installed on-premises (this service is still in preview while this article was written)<\/p>\n\n\n \u2022 Federation with AD FS:<\/strong> This method requires a full-fledged deployment of ADFS farm to enable SSO with using the Federation Service<\/p>\n\n\n We have selected password hash Sync, to enable Seamless SSO as shown below<\/p>\n\n\n Click on next and complete the configuration<\/p>\n\n\n Wait for the wizard to complete and show the Configuration Completed Message as shown below<\/p>\n\n\n Validation<\/strong>: Advantages of AAD connect SSO<\/strong><\/p>\n\n\n\n \u2022 It\u2019s a Free Service, which Doesn\u2019t require additional licenses or premium subscriptions of Azure AD In Conclusion https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/connect\/active-directory-aadconnect-sso<\/em>
<\/strong>
Azure AD Connect includes a new capability- Single Sign-On<\/strong>. The feature enables organizations to implement SSO with both cloud & on-prem based applications without requiring any additional server configurations.<\/p>\n\n\n\n
\u2022 Password Hash Synchronization (Agent Less)
\u2022 Pass-through Authentication<\/p>\n\n\n\n
https:\/\/autologon.microsoftazuread-sso.com
https:\/\/aadg.windows.net.nsatc.net<\/p>\n\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad1.webp\")
<\/figure><\/div>\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad2.webp\")
<\/figure><\/div>\n\n\n
<\/strong><\/p>\n\n\n\n
(Server & Agentless SSO)<\/p>\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad3.webp\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad4-1024x464-1.webp\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad5-1024x502-1.webp\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad6.webp\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad7.webp\")
<\/figure><\/div>\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad8.webp\")
<\/figure><\/div>\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/aad9.webp\")
<\/figure><\/div>\n\n\n
The below Steps can be followed to validate if the deployment has been successful
\u2022 Look for any Authentication errors in the Azure AD portal
\u2022 Look up the local AD for a Computer Account<\/strong> \u201cAZUREADSSOACT\u201d
\u2022 Run the below PowerShell command and confirm the domain has been enabled for SSO
GET-AZUREAADSSOSTATUS<\/em><\/p>\n\n\n![\"\"](\"https:\/\/viewmyprojects.com\/winwirewp\/wp-content\/uploads\/2023\/11\/ade10.webp\")
<\/figure><\/div>\n\n\n
\u2022 Serverless deployment of SSO solution
\u2022 Works with either Password Sync or Pass-through Authentication
\u2022 Unlike ADFS, this solution can be rolled out to users on need basis
\u2022 Ease of Administration of both Directory Sync and SSO<\/p>\n\n\n\n
<\/strong><\/em>
There is a lot of useful documentation available about AAD Connect on the Microsoft website, I highly recommend that you check it out as well:<\/em><\/p>\n\n\n\n
https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/connect\/active-directory-aadconnect-sso-quick-start<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"