Introduction
Azure AD Connect is the on-premises tool that synchronizes identity information (users, groups and, depending on the chosen sign-in method, password hashes) from on-premises Active Directory to Azure AD. In addition to directory synchronization, it can enable Seamless Single Sign-On (SSO), which lets users on domain-joined Windows devices inside the corporate network sign in to applications that use Azure AD as the identity provider with a Kerberos ticket instead of retyping their password.
This article explains how to enable SSO with Azure AD Connect, first through the configuration wizard and then from PowerShell.
Prerequisites
Before configuring SSO with Azure AD Connect, make sure you have the following:
- An Azure AD tenant
- An on-premises Active Directory domain
- A domain-joined server running the latest version of Azure AD Connect
- A user account with Global Administrator (or Hybrid Identity Administrator) permissions in the Azure AD tenant
- Domain Administrator credentials for each on-premises forest in which SSO will be enabled (used once, to create the AZUREADSSOACC computer account)
Configuring SSO with Azure AD Connect
Follow the steps below to change an existing Azure AD Connect installation so that it uses Seamless SSO:
Open the Azure AD Connect configuration wizard on the Azure AD Connect server.
On the Welcome screen, click "Configure".
Select "Change user sign-in" on the Additional tasks screen and click "Next".
On the Connect to Azure AD screen, enter the credentials of a Global Administrator (or Hybrid Identity Administrator) account in the Azure AD tenant and click "Next".
On the User sign-in screen, select one sign-in method, either "Password Hash Synchronization" or "Pass-through authentication" (they are alternatives, not a pair; keep the one already in use unless you intend to change it), tick "Enable single sign-on" and click "Next".
On the Enable single sign-on screen, enter Domain Administrator credentials for each on-premises forest and click "Next". The wizard uses these credentials once, to create the AZUREADSSOACC computer account in Active Directory and to register that account's Kerberos decryption key with Azure AD; they are not stored on the server.
Review the configuration summary on the Ready to configure screen and click "Configure".
Once the configuration is complete, click "Exit" to close the wizard.
The directory screens that the wizard shows during an initial custom installation (Connect your directories, where you add the on-premises domain; Domain and OU filtering; Uniquely identifying your users, where the sourceAnchor attribute is chosen; Filtering users and devices; and Optional features such as Password writeback) do not appear in the "Change user sign-in" task, and none of them is where SSO is switched on. Single sign-on is controlled only from the User sign-in screen, and Password writeback is an independent optional feature.
Treat the AZUREADSSOACC computer account as a Tier 0 asset: Azure AD validates SSO tickets with that account's Kerberos key, so anyone who obtains the key can forge tickets for any synchronized user. The wizard does not roll the key for you; Microsoft recommends rolling it at least every 30 days with the Update-AzureADSSOForest cmdlet.
Testing SSO
To test SSO, sign in to a domain-joined Windows device with an on-premises AD account while connected to the corporate network (the device needs line of sight to a domain controller), open a browser in which https://autologon.microsoftazuread-sso.com is in the Local intranet zone (normally pushed by Group Policy), and navigate to an application that uses Azure AD as the identity provider. After entering your user name you should be signed in without being prompted for a password.
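The following PowerShell script is an added example, not part of the original article, that checks both ends of the test described above: on a machine with the ActiveDirectory RSAT module it inspects the AZUREADSSOACC computer account (its password age is the age of the Kerberos decryption key held by Azure AD), and on a domain-joined client it checks whether the browser sign-in actually produced a Kerberos service ticket for the SSO endpoint. The function names and the 30-day threshold are this example's own choices (30 days is Microsoft's recommended rollover interval).

```powershell
# Added example: verify the on-premises side of Seamless SSO and a client's ticket cache.
# Assumptions: the ActiveDirectory module is available where the first function runs;
# the second function runs on a domain-joined client after a browser sign-in attempt.
Import-Module ActiveDirectory

function Test-SeamlessSsoComputerAccount {
    param([int]$MaxKeyAgeDays = 30)   # threshold chosen for this example
    # AZUREADSSOACC is the computer account created by the wizard; Azure AD keeps a copy
    # of its Kerberos key, so PasswordLastSet tells you when the key was last rolled.
    $acc = Get-ADComputer -Identity 'AZUREADSSOACC' `
        -Properties PasswordLastSet, Enabled -ErrorAction SilentlyContinue
    if (-not $acc) {
        return [pscustomobject]@{ Exists = $false; Enabled = $false; KeyAgeDays = $null; NeedsRollover = $true }
    }
    $age = (New-TimeSpan -Start $acc.PasswordLastSet -End (Get-Date)).Days
    [pscustomobject]@{
        Exists        = $true
        Enabled       = $acc.Enabled
        KeyAgeDays    = $age
        NeedsRollover = ($age -gt $MaxKeyAgeDays)
    }
}

function Test-SeamlessSsoTicket {
    # A successful SSO attempt leaves a service ticket for
    # HTTP/autologon.microsoftazuread-sso.com in the client's Kerberos cache.
    $cache = (& klist.exe 2>$null) -join "`n"
    [pscustomobject]@{
        DomainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
        HasSsoTicket = $cache -match 'HTTP/autologon\.microsoftazuread-sso\.com'
    }
}

# Usage: run the first on a machine with RSAT, the second on the test client.
Test-SeamlessSsoComputerAccount | Format-List
Test-SeamlessSsoTicket | Format-List
```

If HasSsoTicket is false on a domain-joined client, the usual causes are the autologon URL not being in the intranet zone or the client having no reachable domain controller; if NeedsRollover is true, roll the key before going further, since a stale key is both a security problem and a common cause of SSO failures after a forest-level password policy change.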
Configuring SSO with PowerShell
The same configuration can be performed from the PowerShell command line, which is useful when scripting the setup or when the wizard is not available. Follow these steps on the server running Azure AD Connect:
Step 1. Open PowerShell as an administrator.
Step 2. Import the AzureADSSO PowerShell module that ships with Azure AD Connect by running the following command:
Step 3. Connect to the Azure AD tenant by running the following command:
Replace <tenantname> with the name of your Azure AD tenant, and authenticate with a Global Administrator (or Hybrid Identity Administrator) account when prompted.
Step 4. Create the SSO configuration for the on-premises forest by running the following command:
Replace the placeholder user name with a Domain Administrator account of the on-premises forest; these credentials are used only to create the AZUREADSSOACC computer account and register its Kerberos decryption key, and they are not stored. Replace "AD Connector" with the name of the Azure AD Connect connector.
Step 5. Enable the new SSO configuration by running the following command:
Step 6. Verify the SSO configuration by running the following command:
This command should display the SSO configuration details, including whether the feature is enabled and which forests are registered.
Step 7. Restart the Azure AD Connect synchronization service (ADSync) by running the following command:
After the synchronization service is restarted, SSO will be available for your cloud applications that use Azure AD as the identity provider. Note that Seamless SSO is a tenant-side setting enforced by Azure AD, so the restart is harmless but not strictly required for SSO to take effect.
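The script below is an added example, not the article's own commands, showing the wizard procedure and the PowerShell steps above carried out with the cmdlets of the AzureADSSO module that Azure AD Connect installs. It assumes the default installation path, that the account entered at the New-AzureADSSOAuthenticationContext prompt is a Global Administrator (or Hybrid Identity Administrator), that the credentials captured in $onPremCreds belong to a Domain Administrator of the forest, and that Get-AzureADSSOStatus returns a JSON document with Enable and Domains fields, which is how the cmdlet reports status.

```powershell
# Added example: enable and verify Seamless SSO from an elevated PowerShell session
# on the Azure AD Connect server. Path, role and credential assumptions are stated
# in the lead-in; $onPremCreds is this example's own variable name.
Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'

# 1. Authenticate to the tenant (interactive prompt; use a Global Administrator or
#    Hybrid Identity Administrator account).
New-AzureADSSOAuthenticationContext

# 2. Record the current state before changing anything.
$before = Get-AzureADSSOStatus | ConvertFrom-Json
"Enabled before: $($before.Enable); forests: $($before.Domains -join ', ')"

# 3. Create the AZUREADSSOACC computer account in the forest and register its
#    Kerberos decryption key with Azure AD. The credentials are used for this call only.
$onPremCreds = Get-Credential -Message 'Domain Administrator for the on-premises forest'
Enable-AzureADSSOForest -OnPremCredentials $onPremCreds

# 4. Turn the feature on for the tenant.
Enable-AzureADSSO -Enable $true

# 5. Verify: Enable should now be True and the forest should appear under Domains.
$after = Get-AzureADSSOStatus | ConvertFrom-Json
if (-not $after.Enable) { throw 'Seamless SSO is still disabled for the tenant' }
"Enabled after: $($after.Enable); forests: $($after.Domains -join ', ')"

# 6. Optional: restarting the sync service is harmless but not required for SSO.
# Restart-Service ADSync

# Key rollover (run at least every 30 days, same module, same elevated session):
# New-AzureADSSOAuthenticationContext
# Update-AzureADSSOForest -OnPremCredentials (Get-Credential)
```

Keep the rollover block in a scheduled runbook rather than relying on memory: because Azure AD trusts whatever key AZUREADSSOACC currently has, a key that is never rotated stays valid for as long as a copy of it survives anywhere an attacker could reach it.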
Conclusion
This article covered enabling Seamless SSO with Azure AD Connect, both through the configuration wizard and from PowerShell. Using PowerShell lets you automate the SSO configuration, verify its state, and schedule the periodic rollover of the AZUREADSSOACC Kerberos key that keeps the setup secure.