How do I enable SSO in Azure AD?

Last updated on September 25, 2022 @ 11:51 am

Azure Active Directory (Azure AD) supports single sign-on (SSO) for users accessing cloud-based applications and services. With SSO, users no longer need to remember multiple credentials, and they get one consistent sign-on experience across those applications and services.

To enable SSO in Azure AD, you need to create a Microsoft Azure Active Directory Federation Services (ADFS) instance and configure it to federate with your on-premises ADFS instance. You then need to configure Azure AD to use the ADFS instance to provide SSO for users.

To configure Azure AD to use the ADFS instance, first create an Azure Active Directory Federation Services instance. You can create an ADFS instance by using the Azure portal or by using the Azure CLI.

For more information, see Create an Azure Active Directory Federation Services instance.

PRO TIP: If you enable Single Sign-On (SSO) in Azure Active Directory (Azure AD), users can sign in to both Azure AD and your on-premises organization by using their Azure AD account. This might be appropriate if, for example, your users are located primarily in the cloud. However, if you have users who are located primarily on-premises, or if you have users who must be able to sign in even when your on-premises network is unavailable, you should not enable SSO.

After you create the ADFS instance, you need to configure the federation settings for it. To do this, open the Azure portal, and open the Federation Services blade. In the Federation Services blade, select the federation server you want to configure, and then select the Settings tab.

In the Settings tab, select the Security Settings button. In the Security Settings dialog box, select the Federation check box, and then select the ADFS server instance you created in the previous step.

After you configure the federation settings, you need to configure Azure AD to use ADFS to provide SSO. To do this, open the Azure portal, and open the Azure Active Directory (Azure AD) blade. In the Azure AD blade, select the Users and groups blade. In the Users and groups blade, select the Users tab.

In the Users tab, select the user you want to configure, and then select the SSO link in the lower-right corner of the user’s profile. In the SSO link, select Use federated authentication from the options list. In the Use federated authentication dialog box, select the ADFS server instance you configured in the previous step. Then, select the Allow users to bypass authentication for all applications check box.

After you configure Azure AD to use ADFS, users will be able to access cloud-based applications and services by using their credentials from their on-premises ADFS instance.
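
To check the result of the steps above, the following added example (not part of the original page) audits which domains are federated and whether each one points at the ADFS instance you intended. It assumes the tenant's domain list and federation configuration have been exported as JSON from Microsoft Graph; the sample data, the domain names and the expected issuer URI are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample data shaped like Microsoft Graph responses:
#   GET /v1.0/domains  and  GET /v1.0/domains/{id}/federationConfiguration
# All domain names and URIs below are made up for this example.
DOMAINS_JSON = """
{"value": [
  {"id": "contoso.example", "authenticationType": "Federated", "isVerified": true},
  {"id": "shop.contoso.example", "authenticationType": "Federated", "isVerified": true},
  {"id": "contoso.onmicrosoft.example", "authenticationType": "Managed", "isVerified": true}
]}
"""
FEDERATION_JSON = """
{"contoso.example": {"issuerUri": "http://adfs.contoso.example/adfs/services/trust",
                     "passiveSignInUri": "https://adfs.contoso.example/adfs/ls/"},
 "shop.contoso.example": {"issuerUri": "http://sts.other.example/adfs/services/trust",
                          "passiveSignInUri": "http://sts.other.example/adfs/ls/"}}
"""
EXPECTED_ISSUER = "http://adfs.contoso.example/adfs/services/trust"  # assumed value

def audit_federation(domains, fed_configs, expected_issuer):
    """Return {domain: [findings]}; an empty list means nothing to flag."""
    report = {}
    for dom in domains:
        name, findings = dom["id"], []
        cfg = fed_configs.get(name)
        if dom.get("authenticationType") != "Federated":
            if cfg:
                findings.append("managed domain has a federation configuration")
        elif cfg is None:
            findings.append("federated domain has no federation configuration")
        else:
            # The issuer identifies which ADFS farm Azure AD trusts for this domain.
            if cfg.get("issuerUri") != expected_issuer:
                findings.append("issuerUri is not the expected ADFS instance")
            # Users are redirected to this URL to sign in, so it must be HTTPS.
            if urlparse(cfg.get("passiveSignInUri", "")).scheme != "https":
                findings.append("passiveSignInUri is not HTTPS")
        report[name] = findings
    return report

def run_sample():
    domains = json.loads(DOMAINS_JSON)["value"]
    return audit_federation(domains, json.loads(FEDERATION_JSON), EXPECTED_ISSUER)

if __name__ == "__main__":
    for name, findings in run_sample().items():
        print(name, "->", findings or "ok")
```
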

Drew Clemente


Devops & Sysadmin engineer. I basically build infrastructure online.