Configuring Azure Active Directory Single Sign-On (SSO) with Azure AD Connect

If you haven’t synced your on-premises Active Directory to Microsoft 365 with Azure AD Connect yet, you can start here. If you have, but haven’t enabled SSO on top of it to simplify sign-in, you are missing out on something big.

With Azure AD SSO, you don’t have to type in your password to sign in to Azure AD, and most of the time you don’t even need to type the username. You log on to a domain-joined computer with your own credentials, and that is all it takes to have your apps signed in, including Edge, the Office apps, and Teams.

Open Azure AD Connect, click Configure, select the Change user sign-in option, and click Next.

Sign in with your Office 365 Global Admin credentials, and then check the Enable single sign-on option.

You will also need to enter Domain Admin credentials to finish the process.

Once the configuration is finished, you can check Azure AD to make sure that single sign-on is enabled.
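The same check can be done from PowerShell instead of the portal. The snippet below is an added example, not part of the original post: it uses the AzureADSSO module that Azure AD Connect installs alongside itself. It has to run on the Azure AD Connect server, the authentication context prompts for a Global Admin sign-in, and the module path is the default Azure AD Connect install location (an assumption; adjust it if you installed elsewhere).

```powershell
# Added example, not part of the original post: confirm from PowerShell that
# Seamless SSO is enabled for the tenant, using the AzureADSSO module that is
# installed with Azure AD Connect. Run this on the Azure AD Connect server.
# The module path below is the default install location (assumption).

$AzureAdSsoModule = 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'

function Get-SeamlessSsoStatus {
    Import-Module $AzureAdSsoModule -ErrorAction Stop

    # Interactive Global Admin sign-in; required before any other AzureADSSO cmdlet.
    New-AzureADSSOAuthenticationContext

    # Get-AzureADSSOStatus returns a JSON string describing whether the feature is
    # enabled and which on-premises domains it is enabled for; parse it into an object.
    Get-AzureADSSOStatus | ConvertFrom-Json
}

Get-SeamlessSsoStatus | Format-List
```

If the feature is not enabled, or your domain is missing from the list, rerun the Change user sign-in task in Azure AD Connect before touching any Group Policy.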

The next step is to add the following URL to the Intranet Zone via Group Policy.

https://autologon.microsoftazuread-sso.com

The policy is called Site to Zone Assignment List and lives under

User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

While we are here, let’s also enable Allow updates to status bar via script under Intranet Zone.

Finally, if you are using the new Edge browser, add the same Azure AD URL to the policy Specifies a list of servers that Microsoft Edge can delegate user credentials to, which is found under

User Configuration > Administrative Templates > Microsoft Edge > HTTP authentication
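Group Policy can take a while to land on clients, and a typo in the zone list or the Edge allow list is the usual reason SSO "almost" works. The script below is an added example, not part of the original post: run it on a domain-joined client as the signed-in user and it reads the registry locations that the three policies above write to (HKCU because the post configures them under User Configuration; use HKLM\SOFTWARE\Policies if you deploy them under Computer Configuration). The policy-to-registry mappings are the well-known ones for these settings; the URL is the one from the post. It also lists any wildcard entries mapped to the Intranet zone, because everything in that zone gets automatic Windows authentication, so the zone should contain the single autologon host rather than a broad pattern.

```powershell
# Added example, not part of the original post: audit a domain-joined Windows
# client for the three Group Policy settings the post configures for Seamless SSO.
# Registry paths are the well-known targets of those policies under User
# Configuration (hence HKCU); value names not stated in the post are noted inline.

$SsoUrl  = 'https://autologon.microsoftazuread-sso.com'
$SsoHost = ([System.Uri]$SsoUrl).Host

# "Site to Zone Assignment List" writes one REG_SZ per site under ZoneMapKey.
# Data 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
$ZoneMapPath  = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
# Per-zone URL actions live under Zones\<n>; 1 = Local intranet.
# Action 2103 is "Allow updates to status bar via script"; 0 = Enable, 3 = Disable.
$IntranetPath = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'
# Edge (Chromium) stores "Specifies a list of servers that Microsoft Edge can delegate
# user credentials to" as the REG_SZ value AuthNegotiateDelegateAllowlist (comma-separated).
$EdgePath     = 'HKCU:\Software\Policies\Microsoft\Edge'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Return $null for a missing key or value instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-BroadIntranetEntries {
    # Any wildcard site mapped to the Intranet zone extends automatic Windows
    # authentication, and so credential delegation, far beyond the SSO host.
    if (-not (Test-Path $ZoneMapPath)) { return @() }
    $key = Get-Item -Path $ZoneMapPath
    @($key.GetValueNames() | Where-Object { $key.GetValue($_) -eq '1' -and $_ -match '\*' })
}

function Test-SeamlessSsoClientPolicy {
    $zone     = Get-PolicyValue -Path $ZoneMapPath  -Name $SsoUrl
    $status   = Get-PolicyValue -Path $IntranetPath -Name '2103'
    $delegate = Get-PolicyValue -Path $EdgePath     -Name 'AuthNegotiateDelegateAllowlist'

    [pscustomobject]@{
        AutologonInIntranetZone = ($zone -eq '1')
        StatusBarScriptAllowed  = ($status -eq 0)
        # Accept either the bare host name or the full URL form of the allow-list entry.
        EdgeDelegationAllowed   = ($null -ne $delegate -and $delegate -like "*$SsoHost*")
        BroadIntranetEntries    = Get-BroadIntranetEntries
    }
}

# Expected on a correctly configured client: all three booleans True, no broad entries.
Test-SeamlessSsoClientPolicy | Format-List
```

If a value shows False right after you linked the GPO, run gpupdate /force and sign out and back in before assuming the policy itself is wrong; User Configuration settings are applied at logon.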

That’s about as simple as I can put it. If all goes well, it works like a charm.

Resources

Azure AD Connect: Seamless Single Sign-On – How it works | Microsoft Docs

Azure AD Connect: Seamless Single Sign-On – quickstart | Microsoft Docs
