365tips.be

The best Microsoft 365 tips on the web

Seamless Single Sign-on in Azure Active Directory

Azure Active Directory (Azure AD) Seamless Single Sign-On allows users to log in via SSO on their computers "connected" to the local and Azure Active-Directory to the Microsoft 365 cloud services.

Want to increase your organization's productivity with a very low IT effort. Then this must be one of the Microsoft 365 features you want to turn on!

Technical Requirements

If you already have a Office 365 environment today, and you have already synced all AD objects, you can go to the next step.

If you don't have Office 365 yet, but are ready to migrate you can find the 4-step Azure AD connect installation instructions can be found here.

If you do not have a tenant, please create one through this way.

Configure Azure AD for Seamless Single sign-on

Select configure

Click on Change User Sign-in

Login with your credentials

Change from: Password Hash Synchronization

To: Pass-through Authentication + Single Sign-on.

Select Next

Login with your local Domain Credentials

Click Configure

Configure the necessary GPO

Step 1 - Open Group Policy Management and create a new GPO

Call the GPO however you like

Step 2: Create a Site To Zone assignment list

Navigate to user configuration > policies > management templates > Windows Features > Internet Explorer > Internet configuration screen > Security page. Then select the list site to zone assignment.

Or in English according to the screenshot below.

https://docs.microsoft.com/nl-be/azure/active-directory/hybrid/media/how-to-connect-sso-quick-start/sso6.png

Put this value: https://autologon.microsoftazuread-sso.com

Value (data): 1

Step 3: Add the allow updates to status bar via script.

Browse to user configuration > policy > management templates > Windows Features > Internet Explorer > Internet configuration screen > The security page > intranet zone. Then select Allow updates for status bar via script.

Step 4: Set a registry entry for the autologon - HTTPS

Browse to user configuration > for labels > Windows settings > Registry > New > registry entry.

Single sign-on

Enter the following values in the appropriate fields and click OK.

Key path: SoftwareMicrosoftWindowsCurrentVersionInternet SettingsMapDomainsMicrosoftazuread-SSO.comautologon

Value name: https.

Value type: REG_DWORD.

Value data: 00000001.

Single sign-on
Single sign-on

Test your policy

For Firefox, Safari (MacOS), Chrome etc you also want to make sure you have SSO. Then take a look at this link with more information.

Tagged: , , , , , , , , , ,
0 0 vote
Article review
Subscribe
Please let us know if there are
guest

1 Response
Oldest
Latest Most Voted
Inline feedbacks
See all comments
Téo
Téo
2 years ago

Salut ^^

Tu devrais ajouter le chemin complet de la clé de registre -> Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftazuread-sso.com\autologon

Merci encore tu régales!

Téo

1
0
Would love to know your thoughts, please leave a comment.x