![...](https://www.winwire.com/wp-content/uploads/2023/11/How-to-Set-up-Azure-AD-Connect-SSO-graphic.webp)
Ever since the launch of Office 365, there has been a need to make these services seamlessly accessible. Needless to say, Single Sign-On (SSO) has been at the top of the requirements list for many organizations.
I wanted to put together a quick post and run through how easy it is to set up Single Sign-On and enhance the user experience.
Azure Active Directory Connect makes Single Sign-On Easy
Azure AD Connect includes a new capability: Single Sign-On. The feature enables organizations to implement SSO with both cloud and on-premises applications without requiring any additional server configuration.
SSO can be combined with either of the two sync options below:
• Password Hash Synchronization (Agent Less)
• Pass-through Authentication
Setting up this service is simple and is done from the AAD Connect tool. The steps below take you through the process:
• Add the two URLs below to the Intranet Zone via GPO
https://autologon.microsoftazuread-sso.com
https://aadg.windows.net.nsatc.net
• Launch AAD Connect and click Change User Sign-in
![](https://www.winwire.com/wp-content/uploads/2023/11/aad1.webp)
![](https://www.winwire.com/wp-content/uploads/2023/11/aad2.webp)
Enter Global Administrator credentials
On the next screen you are presented with three options, and all of them can be used to enable SSO. However, each method has its own advantages:
• Password Synchronization: In this method, password hashes are synced to Azure AD.
(Server & Agentless SSO)
![](https://www.winwire.com/wp-content/uploads/2023/11/aad3.webp)
• Pass-Through Authentication: Like the first option, except that password hashes are not synced to Azure AD. This method requires a lightweight agent to be installed on-premises (the service was still in preview when this article was written).
![](https://www.winwire.com/wp-content/uploads/2023/11/aad4-1024x464-1.webp)
• Federation with AD FS: This method requires a full-fledged AD FS farm deployment to enable SSO through the Federation Service.
![](https://www.winwire.com/wp-content/uploads/2023/11/aad5-1024x502-1.webp)
We have selected Password Hash Sync and enabled Seamless SSO, as shown below
![](https://www.winwire.com/wp-content/uploads/2023/11/aad6.webp)
Click Next and complete the configuration
![](https://www.winwire.com/wp-content/uploads/2023/11/aad7.webp)
![](https://www.winwire.com/wp-content/uploads/2023/11/aad8.webp)
Wait for the wizard to complete and show the Configuration Completed message, as shown below
![](https://www.winwire.com/wp-content/uploads/2023/11/aad9.webp)
Validation:
The steps below can be followed to validate that the deployment has been successful:
• Look for any authentication errors in the Azure AD portal
• Look up the local AD for a computer account named “AZUREADSSOACC”
• Run the PowerShell command below and confirm the domain has been enabled for SSO
Get-AzureADSSOStatus
![](https://www.winwire.com/wp-content/uploads/2023/11/ade10.webp)
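The last two validation steps can be combined into one check, shown here as an added example that is not part of the original post. It assumes it runs on the Azure AD Connect server with the default install path and the RSAT ActiveDirectory module available; `contoso.com` is a constructed placeholder, and the 30-day key age threshold comes from Microsoft's rollover guidance for the Seamless SSO Kerberos decryption key, not from this post.

```powershell
# Added example: validate a Seamless SSO rollout from the Azure AD Connect server.
# Assumptions: default install path, RSAT ActiveDirectory module installed.
param(
    [string]$ForestDomain = 'contoso.com',  # constructed placeholder: your AD forest
    [int]$MaxKeyAgeDays = 30                # Microsoft's suggested rollover interval
)

$ErrorActionPreference = 'Stop'
$ssoModule = Join-Path $env:ProgramFiles 'Microsoft Azure Active Directory Connect\AzureADSSO.psd1'
Import-Module $ssoModule
Import-Module ActiveDirectory

# Prompts for Global Administrator credentials, then queries the tenant.
New-AzureADSSOAuthenticationContext
$status  = Get-AzureADSSOStatus | ConvertFrom-Json
$enabled = @($status.Domains) -contains $ForestDomain

# Computer account that holds the Kerberos decryption key used by Seamless SSO.
try {
    $acct = Get-ADComputer -Identity 'AZUREADSSOACC' -Server $ForestDomain `
        -Properties ServicePrincipalNames, PasswordLastSet
} catch {
    $acct = $null   # account not found or domain unreachable
}

# Age of the account password, which is the age of the decryption key.
$keyAge = $null
if ($acct -and $acct.PasswordLastSet) {
    $keyAge = (New-TimeSpan -Start $acct.PasswordLastSet -End (Get-Date)).Days
}

[pscustomobject]@{
    Forest             = $ForestDomain
    EnabledInTenant    = $enabled
    ComputerAccount    = [bool]$acct
    ServicePrincipals  = if ($acct) { $acct.ServicePrincipalNames -join '; ' } else { '' }
    KeyAgeDays         = $keyAge
    KeyRolloverOverdue = ($null -ne $keyAge) -and ($keyAge -gt $MaxKeyAgeDays)
}
```

A healthy deployment reports `EnabledInTenant` and `ComputerAccount` as `True`; a `KeyRolloverOverdue` of `True` means the decryption key is older than the chosen threshold and should be rolled over.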
Advantages of AAD connect SSO
• It’s a free service that doesn’t require additional licenses or premium Azure AD subscriptions
• Serverless deployment of SSO solution
• Works with either Password Sync or Pass-through Authentication
• Unlike AD FS, this solution can be rolled out to users on an as-needed basis
• Ease of Administration of both Directory Sync and SSO
In Conclusion
There is a lot of useful documentation about AAD Connect on the Microsoft website, and I highly recommend that you check it out as well:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start