Regarding the phenomenon where sSSO (seamless SSO) can't be performed

大西 隆太 0 Reputation points
2024-07-11T06:57:58.3+00:00

Hi, I'm Japanese.

I'm using a translator to write this question.

Azure AD Connect (Entra Connect) is used to link on-prem AD and Azure AD, and seamless SSO is enabled in that environment.

A computer joined to the local domain can access Office 365 (www.office.com) without a password.

But the Office clients such as Word and Excel require a password to log in.

Checking here, it appears that sSSO is also available for the Office clients.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sso-how-it-works

Do you know what to do? Help me :(

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft 365 and Office | Install, redeem, activate | For business | Windows
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Raja Pothuraju 24,785 Reputation points Microsoft External Staff Moderator
    2024-07-12T16:39:05.71+00:00

    Hello @大西 隆太,

    Thank you for posting your query on Microsoft Q&A.

    I understand you're experiencing an issue where Seamless SSO works in web browsers (Office 365 at www.office.com) without requiring a password on domain-joined devices, but Office clients like Word and Excel prompt for passwords.

    Is this behavior occurring on a specific device or on all domain-joined devices?

    Please ensure that the Microsoft Entra URL (https://autologon.microsoftazuread-sso.com) is added to the user's Intranet zone settings.

    Ensure the device has a direct connection to your domain controller, either through corporate wired or wireless networks, or via a remote access connection like VPN.

    To diagnose further, list the existing Kerberos tickets on the device using the klist command from a command prompt. Verify that tickets issued for the AZUREADSSOACC computer account are present. Normally, users' Kerberos tickets are valid for 10 hours, but your Active Directory settings may differ.

    If there are issues with Kerberos tickets after running klist, you can resolve them by running klist purge and attempting the login again from the device.

    Please refer to the following documents and verify all prerequisites mentioned:

    Troubleshoot Microsoft Entra Connect SSO

    Microsoft Entra Connect SSO Quick Start

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    Thanks,
    Raja Pothuraju.
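
An added example, not part of the answer above and not Microsoft's own script: a PowerShell check of the two client-side items the answer names, the Intranet zone mapping for https://autologon.microsoftazuread-sso.com and a cached Kerberos ticket for the AZUREADSSOACC account. The two registry locations, and the expectation that the ticket is listed by klist under the autologon host name, are assumptions not stated in this thread.

```powershell
# Added example, not from the thread. Run as the affected user on the
# domain-joined PC, after one sign-in attempt from the Office client.
$SsoHost = 'autologon.microsoftazuread-sso.com'   # host named in the answer
$SsoUrl  = "https://$SsoHost"
$IeKey   = 'Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-SsoZoneAssignment {
    # Assumption: the mapping lives in one of these two per-user locations.
    # Zone value 1 = Local intranet.
    $direct = "HKCU:\Software\$IeKey\ZoneMap\Domains\microsoftazuread-sso.com\autologon"
    $policy = "HKCU:\Software\Policies\$IeKey\ZoneMapKey"

    $d = Get-ItemProperty -Path $direct -ErrorAction SilentlyContinue
    if ($d -and $null -ne $d.https) {
        [pscustomobject]@{ Source = 'ZoneMap (user setting)'; Zone = [int]$d.https }
    }
    # Group Policy "Site to Zone Assignment List": the value name is the URL.
    $p = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
    if ($p) {
        $entry = $p.PSObject.Properties[$SsoUrl]
        if ($entry) {
            [pscustomobject]@{ Source = 'ZoneMapKey (policy)'; Zone = [int]$entry.Value }
        }
    }
}

function Get-SsoTicketLine {
    param([string[]]$KlistOutput = (klist))
    # Match on the service name, not on klist's field labels, which may be
    # localized on non-English Windows.
    $pattern = [regex]::Escape($SsoHost) + '|AZUREADSSOACC'
    $KlistOutput | Where-Object { $_ -match $pattern } | ForEach-Object { $_.Trim() }
}

$zones   = @(Get-SsoZoneAssignment)
$tickets = @(Get-SsoTicketLine)
[pscustomobject]@{
    IntranetZoneMapped = [bool]($zones | Where-Object { $_.Zone -eq 1 })
    ZoneEntries        = $zones
    SsoTicketCached    = $tickets.Count -gt 0
    TicketLines        = $tickets
} | Format-List
```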

