Configure Azure AD Connect Pass Through Authentication

0
55
views

Configure Azure AD Connect Pass Through Authentication

Azure pass-through authentication allows user to login to cloud and on-premise applications by using the same passwords. Pass-through authentication validated the password against the on-premise active directory.

Prerequisite needed:

  1. Global Admin account
  2. Azure AD Connect 1.1.750.0 or later
  3. Windows Server 2012 R2 or later with TLS 1.2 enabled
  4. Firewall Ports and Proxy Urls.

To start the process, Launch the Azure AD Connect installation > click on “I agree “for the license terms and then click continue.

On the express settings page, click customize if you are installing Azure AD Connect using an existing SQL server.

A screenshot of a cell phone
Description automatically generated

Provide the details of the sql server and then click install.

Provide the Global Administrator account login details to connect to Azure AD and then click next.

A screenshot of a cell phone
Description automatically generated

Next you will be prompted to provide login details for an “enterprise administrator” credentials. Once done click next.

A screenshot of a cell phone
Description automatically generated

On the next windows you will see which of your on-prem UPN suffix matches that of a verified domain in Azure AD.

A screenshot of a social media post
Description automatically generated

Click on “continue without matching all UPN suffixes to verified domains” , this warning will be there if you have an on-prem domain for example allcloud.local

A screenshot of a social media post
Description automatically generated

On the next page, you will see a summary of what will be configured, click on “Install” to start the process.

A screenshot of a cell phone
Description automatically generated

On the last screen you will see a configuration complete screen, with some recommendation if there is any.

A screenshot of a cell phone
Description automatically generated

Click on exit to finish.

Next open “Azure AD Connect” from the desktop icon then click Configure.

A screenshot of a cell phone
Description automatically generated

Next click on “Change user sign-in” then click next.

A screenshot of a cell phone
Description automatically generated

Provide the “Global Administrator” username and password then click next.

A screenshot of a cell phone
Description automatically generated

You might receive the following error “Cannot change configuration”, this is because a synchronization is currently in progress.

To resolve this error: Open Windows PowerShell then type the following

Then type:

A close up of a logo
Description automatically generated

Once done, go back to the Azure AD Connect application and enter the global administrator username and password again.

A screenshot of a cell phone
Description automatically generated

On the next screen, you will be able to modify the user sign-in methods. From the menu select “Pass-through Authentication”, also from the say menu select “Enable single sign-on” to allow single sign-on for your corporate desktop users.

A screenshot of a cell phone
Description automatically generated

You will notice at the bottom of the screen a message indicating that the account you are currently connected with to Azure AD with be your “Cloud Only company Administrator account

This means that in the event of on-premise failure this account will be able to manage Pass-Through Authentication. Do not Lose this account!!

Click on Next to continue to setup.

The next set is to configure an On-Premise “Domain Administrator” account which will be used to configure “Single sign-on

Click on “Enter credentials” to provide the domain administrator username and password.

A screenshot of a cell phone
Description automatically generated

A screenshot of a cell phone
Description automatically generated

Once you have entered the credentials you will see a green tick, then click on next.

A screenshot of a cell phone
Description automatically generated

On the last page, you will see a summary of what the tool will be configuring, click on configure to start the process.

A screenshot of a cell phone
Description automatically generated

Click on Exit to close the Azure AD Connect tool.

A screenshot of a cell phone
Description automatically generated

Before the synchronization process will start again, we need to enable it again.

To enable synchronization launch Windows PowerShell and run the following.

Then

To start a synchronization run.

From any machine in the organization, open any one of the following Urls and you will notice that you are not prompted for Username and Password.

  1. https://portal.office.com
  2. https://portal.azure.com

Happy single sign-on’s 🙂

 

Sharing is caring!

LEAVE A REPLY

Please enter your comment!
Please enter your name here