Just a quick blog to share an experience of an alternative to Active Directory Federation Services (ADFS) for implementing a single sign-on (SSO) solution.

In a nutshell…What is Azure AD Connect Pass-Through Authentication and seamless SSO?

A simple solution for our customers who just want a no-frills seamless SSO experience that supports Azure Multi-Factor Authentication, Conditional Access and modern applications!

It allows users to sign in to on-premises and Azure cloud-based applications with the same password and a seamless SSO experience, while the user's credentials are validated securely against your on-premises Active Directory rather than a copy held in the cloud.

When NOT to use it?

If you want support for third-party MFA solutions, on-premises web application SSO or certificate-based (smart card) authentication, then you're going to have to implement full ADFS.

How does it work?

Two separate pieces are involved, and it is worth being precise about which does what.

Pass-Through Authentication uses a lightweight agent installed on a domain-joined server. The agent only makes outbound HTTPS connections to Azure AD, so no inbound firewall ports are opened. When a user types a password on the Azure AD sign-in page, Azure AD encrypts it with the agent's public key and places it on a queue; the agent picks it up over its persistent outbound connection, decrypts it with its private key and validates the credentials against your on-premises Active Directory. The password itself is never stored in the cloud.

Seamless SSO is the part that talks Kerberos, and it talks Kerberos with your on-premises domain, not with Azure AD. Azure AD Connect creates a computer account (AZUREADSSOACC) in AD; a domain-joined client silently obtains a Kerberos ticket for that account and presents it to Azure AD, which can decrypt it because it holds the account's key. Treat that key like a domain credential: Microsoft's guidance is to roll it over at least every 30 days.


How difficult was it to configure?

The great news was that we were installing Azure AD Connect for the customer anyway and it’s included.

So, it’s just a case of configuring the agent on your Azure AD Connect server.

We also installed the agent on a domain controller to provide high availability, a very simple installation! Microsoft's recommendation is at least three agents per tenant (the Azure AD Connect server counts as one), so plan for a third if you want headroom during patching.

The good news is you don’t have to worry about updating the agent, it does that itself – ZERO Management!

It can’t be that simple?

You're right, the only other thing we did was configure the clients, and that was done by a simple Group Policy: the Seamless SSO endpoint, https://autologon.microsoftazuread-sso.com, is added to the browser's Local intranet zone so that domain-joined clients will hand over their Kerberos ticket silently instead of prompting.
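As an added example (this is not code from the original post or from Microsoft), the check below verifies the three things described above on one host: that the PTA agent service is running, that the client policy maps the Seamless SSO URL to the Local intranet zone, and that the AZUREADSSOACC Kerberos decryption key has been rolled within the last 30 days. The agent service name, the ZoneMapKey policy location and the Azure AD Connect install path are assumed defaults; nothing in the script changes state unless you call Invoke-SsoKeyRollover yourself.

```powershell
# Added example, not code from the original post: a read-only health check for a
# Pass-Through Authentication (PTA) + Seamless SSO deployment. Run it in an
# elevated PowerShell session on a domain-joined host with the ActiveDirectory
# RSAT module. Names marked "assumed" are not stated in the post.
#Requires -Modules ActiveDirectory

# Seamless SSO endpoint that must be in the Local intranet zone (zone 1) so the
# browser hands over a Kerberos ticket silently.
$SsoUrl = 'https://autologon.microsoftazuread-sso.com'

# Service name registered by the PTA agent installer (assumed default).
$AgentService = 'AzureADConnectAuthenticationAgent'

# Computer account Azure AD Connect creates in on-premises AD for Seamless SSO.
$SsoAccountName = 'AZUREADSSOACC'

# Microsoft recommends rolling the AZUREADSSOACC Kerberos decryption key at
# least every 30 days; anything older is reported as a finding.
$MaxKeyAgeDays = 30

function Test-PtaAgentService {
    # $true only when the agent service exists on this host and is running.
    $svc = Get-Service -Name $AgentService -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "PTA agent service '$AgentService' is not installed on $env:COMPUTERNAME"
        return $false
    }
    if ($svc.Status -ne 'Running') {
        Write-Warning "PTA agent service is in state '$($svc.Status)'"
        return $false
    }
    return $true
}

function Get-SsoKeyAgeDays {
    # pwdLastSet on AZUREADSSOACC records the last Kerberos decryption key
    # rollover (Update-AzureADSSOForest resets the account password).
    $acct = Get-ADComputer -Identity $SsoAccountName -Properties pwdLastSet -ErrorAction Stop
    $lastSet = [DateTime]::FromFileTimeUtc([int64]$acct.pwdLastSet)
    return [int][Math]::Floor(((Get-Date).ToUniversalTime() - $lastSet).TotalDays)
}

function Test-SsoZoneMapping {
    # The "Site to Zone Assignment List" policy writes one REG_SZ per URL under
    # ZoneMapKey (assumed location); data '1' means Local intranet. Both the
    # machine and the user policy hives are checked.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$SsoUrl] -and "$($props.$SsoUrl)" -eq '1') {
            return $true
        }
    }
    Write-Warning "$SsoUrl is not mapped to the Local intranet zone by policy on this client"
    return $false
}

function Invoke-SsoKeyRollover {
    # Rolls the AZUREADSSOACC key with the AzureADSSO module that ships with
    # Azure AD Connect (default install path assumed). Run it on the Azure AD
    # Connect server; the cmdlets prompt for Global Admin, then Domain Admin.
    Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1' -ErrorAction Stop
    New-AzureADSSOAuthenticationContext
    Update-AzureADSSOForest
}

# --- Report ------------------------------------------------------------------
$agentOk = Test-PtaAgentService
$zoneOk  = Test-SsoZoneMapping
$keyAge  = Get-SsoKeyAgeDays
$keyOk   = $keyAge -le $MaxKeyAgeDays

[PSCustomObject]@{
    Host                 = $env:COMPUTERNAME
    PtaAgentRunning      = $agentOk
    SsoUrlInIntranetZone = $zoneOk
    SsoKeyAgeDays        = $keyAge
    SsoKeyWithinPolicy   = $keyOk
} | Format-List

if (-not $keyOk) {
    Write-Warning "AZUREADSSOACC key is $keyAge days old (limit $MaxKeyAgeDays); run Invoke-SsoKeyRollover on the Azure AD Connect server"
}
```

The zone check only proves the policy reached the registry; if the GPO was authored with a different form of the URL (for example without the https:// prefix), the value name under ZoneMapKey will differ and you should adjust $SsoUrl to match. The key-age check is the one most teams forget: the AZUREADSSOACC account password is the Kerberos key Azure AD uses to decrypt every Seamless SSO ticket, so a key that has never been rolled since installation is a long-lived credential sitting in AD.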

Is that it?

Yes, you’re done ready to go.

How much does it Cost?

The best bit... Pass-Through Authentication and Seamless SSO are free features of your Azure AD tenant. One caveat: the Conditional Access policies mentioned above still need Azure AD Premium P1 licensing, so budget for that separately if you want them.

Previously, achieving the same SSO solution required a full ADFS infrastructure, so it's a good money saver for our customers.