You can use Azure AD (now Microsoft Entra ID) to implement single sign-on for a web application. The broad steps are:
- Create an Azure AD tenant and register your web app(s) with Azure AD. Registration gives each app a client ID and the list of redirect URIs Azure AD will send tokens to.
- Enable Azure AD Seamless Single Sign-On so that users on domain-joined Windows devices are authenticated with Integrated Windows Authentication (Kerberos) instead of being prompted for a password.
- Configure your web app to use Azure AD for authentication, normally OpenID Connect against your tenant's authority URL.
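As an added example (not code from the original post or from Microsoft's docs), here is the first and third step done with Microsoft Graph PowerShell: it registers a single-tenant web app, locks the registration down to the settings a web app actually needs, and prints the values the app's OpenID Connect configuration will consume. The app name "ContosoPortal" and the redirect URI are hypothetical; the Microsoft Graph application ID and the User.Read permission ID are the well-known values.

```powershell
# Added example: register a single-tenant web app for Azure AD sign-in.
# Assumes the Microsoft.Graph module is installed and you hold a role that
# can create app registrations. Names below are hypothetical.
Connect-MgGraph -Scopes "Application.ReadWrite.All" -NoWelcome

$redirectUri = "https://portal.contoso.example/signin-oidc"   # HTTPS only, no wildcards

# Single-tenant (AzureADMyOrg) so accounts from other tenants cannot sign in.
# Only ID tokens via the implicit grant; access tokens should come from the
# authorization code flow, so access-token issuance stays disabled.
$app = New-MgApplication -DisplayName "ContosoPortal" `
    -SignInAudience "AzureADMyOrg" `
    -Web @{
        RedirectUris          = @($redirectUri)
        ImplicitGrantSettings = @{
            EnableIdTokenIssuance     = $true
            EnableAccessTokenIssuance = $false
        }
    } `
    -RequiredResourceAccess @(
        @{
            ResourceAppId  = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph
            ResourceAccess = @(
                @{ Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; Type = "Scope" }  # User.Read (delegated)
            )
        }
    )

# The service principal is the "Enterprise application" object; requiring
# assignment means only explicitly assigned users/groups can sign in.
$sp = New-MgServicePrincipal -AppId $app.AppId -AppRoleAssignmentRequired

# A client secret with a short lifetime. Prefer a certificate credential for
# production; if you must use a secret, keep it in a vault, never in source control.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "initial"
    EndDateTime = (Get-Date).AddDays(90)
}

# Values the web app's OpenID Connect middleware needs.
$tenantId = (Get-MgContext).TenantId
[pscustomobject]@{
    TenantId     = $tenantId
    ClientId     = $app.AppId
    Authority    = "https://login.microsoftonline.com/$tenantId/v2.0"
    RedirectUri  = $redirectUri
    ClientSecret = $secret.SecretText
    ServicePrincipalId = $sp.Id
}
```

The Authority, ClientId and RedirectUri are what the web app's OpenID Connect configuration points at; the secret text is only returned once by Graph, so capture it into your secret store at this point.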
To use the users' existing Windows (on-premises Active Directory) accounts for SSO, those accounts must be synchronized to Azure AD with Azure AD Connect. The general steps are:
- Install Azure AD Connect on a domain-joined Windows Server that can reach your on-premises Active Directory. Treat this server as a Tier 0 asset: it holds the credentials that read (and, with password hash sync, replicate) your directory, so harden and monitor it like a domain controller.
- During setup you'll be asked for credentials for your Azure AD (Office 365) tenant; the account needs the Global Administrator or Hybrid Identity Administrator role.
- You'll also be asked for credentials for your on-premises Active Directory (Enterprise Admin when using express settings, which the wizard uses to create the AD DS connector account).
- Choose a sign-in method for the synced users: password hash synchronization, pass-through authentication, or federation. Seamless SSO can be enabled alongside password hash sync or pass-through authentication; with federation the federation server (for example AD FS) provides SSO instead.
- Once you confirm your selections, Azure AD Connect runs an initial full sync and then a scheduled delta sync (every 30 minutes by default).
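As an added example (not code from the original post or from Microsoft's docs), the following script is what I would run on the Azure AD Connect server after the wizard finishes to confirm the procedure above actually took effect: that the sync cycle is enabled and not stuck in staging mode, which connectors exist, and, for Seamless SSO, that the AZUREADSSOACC computer account exists and its Kerberos decryption key is not overdue for the rollover Microsoft recommends at least every 30 days. It assumes the ADSync module (installed with Azure AD Connect) and the ActiveDirectory RSAT module are present; the 30-day threshold and the AzureADSSO module path are the documented defaults.

```powershell
# Added example: post-install health check for Azure AD Connect and Seamless SSO.
# Run elevated on the Azure AD Connect server.
Import-Module ADSync
Import-Module ActiveDirectory

# 1. Is the scheduler actually moving changes to Azure AD?
$scheduler = Get-ADSyncScheduler
if (-not $scheduler.SyncCycleEnabled) {
    Write-Warning "Sync cycle is disabled; nothing is flowing to Azure AD."
}
if ($scheduler.StagingModeEnabled) {
    Write-Warning "Server is in staging mode; it imports but never exports."
}
"Next sync: {0} UTC ({1})" -f $scheduler.NextSyncCycleStartTimeInUTC, $scheduler.NextSyncCyclePolicyType

# 2. Which connectors are configured, and is a run in progress right now?
Get-ADSyncConnector | Select-Object Name, Identifier
$running = Get-ADSyncConnectorRunStatus
if ($running) { "Run in progress: {0}" -f ($running | Out-String) } else { "No sync run in progress." }
# To force a run after changing filtering: Start-ADSyncSyncCycle -PolicyType Delta

# 3. Seamless SSO: the AZUREADSSOACC account's password IS the Kerberos decryption
#    key shared with Azure AD. If it leaks, tickets for any synced user can be forged,
#    so its age matters and Microsoft recommends rolling it at least every 30 days.
$maxKeyAgeDays = 30
$ssoAcct = Get-ADComputer -Identity "AZUREADSSOACC" -Properties PasswordLastSet -ErrorAction SilentlyContinue
if (-not $ssoAcct) {
    Write-Warning "AZUREADSSOACC not found: Seamless SSO is not enabled for this forest."
} else {
    $age = (Get-Date) - $ssoAcct.PasswordLastSet
    "AZUREADSSOACC key last set {0} ({1} days ago)" -f $ssoAcct.PasswordLastSet, $age.Days
    if ($age.Days -gt $maxKeyAgeDays) {
        Write-Warning "Kerberos decryption key is older than $maxKeyAgeDays days; run Invoke-SsoKeyRollover."
    }
}

# Rolls the Seamless SSO Kerberos decryption key for this forest. Not called
# automatically: it prompts for Azure AD and domain admin credentials.
function Invoke-SsoKeyRollover {
    Import-Module "$env:ProgramFiles\Microsoft Azure Active Directory Connect\AzureADSSO.psd1"
    New-AzureADSSOAuthenticationContext            # prompts for an Azure AD admin
    Get-AzureADSSOStatus | ConvertFrom-Json        # shows which forests/domains have SSO
    $onPrem = Get-Credential -Message "Domain Admin credentials (DOMAIN\user)"
    Update-AzureADSSOForest -OnPremCredentials $onPrem
}
```

Run the check on a schedule rather than once: the scheduler being disabled (for example after a migration or a failed upgrade) and an aged AZUREADSSOACC key are the two states that silently break or weaken SSO without any user-visible error.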
Some good reference documentation to learn more:
- Quickstart: Register an app in the Microsoft identity platform - Microsoft Entra | Microsoft Learn
- Enable single sign-on for an enterprise application - Microsoft Entra | Microsoft Learn
- Azure AD Connect: Seamless Single Sign-On - How it works - Microsoft Entra | Microsoft Learn
- Azure AD Connect: Get started by using express settings - Microsoft Entra | Microsoft Learn