Logging in to an AAD-joined Windows 10 computer with a SAML 2.0 federated domain

GribouilleVert 96 Reputation points
2021-10-01T09:11:04.39+00:00

Hello,

I have an Azure Active Directory tenant on which the domain is federated through SAML 2.0. I would like to use this directory to manage Windows 10 computers, but when I join the computer to the domain, I cannot log in to the computer, as it asks for a password, which there isn't, since the user is logged in through SAML.

Is it possible to log in to Windows using the SAML 2.0 federated domain?


Accepted answer
  1. GribouilleVert 96 Reputation points
    2021-10-04T09:52:58.377+00:00

    It seems that I have not been explaining this correctly.

    I have successfully joined the computer to the AAD tenant while using SAML 2.0, but when I want to log in to Windows, it asks for a username/password, which obviously cannot work, as the account uses the SAML 2.0 server to authenticate. I have successfully federated the domain; this is not the issue. The issue is that, after joining the computer to the tenant, I cannot log in using AAD accounts; the only account that works is the local computer administrator.

    I'm not sure if I've been clear, so I'll clear it up: here Azure Active Directory is a Service Provider, and the SAML Identity Provider is a standalone, custom SAML 2.0 PHP implementation. Therefore, when logging in, AAD redirects the user (through HTTP) to the IdP for identification.


4 additional answers

Sort by: Most helpful
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-10-04T05:01:52.59+00:00

    @GribouilleVert The machine needs to be in Azure AD joined or Hybrid joined state in order to log in to a Windows 10 machine in a federated state.

    If you are using ADFS as the federation server: Windows 10 login needs the WS-Trust username/mixed endpoints to be enabled in ADFS. Please check if you have them enabled; if not, please enable them and try again. Can you get the list of all ADFS endpoints and share their current configuration? Thanks.

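The two checks the answer above asks for, as an added PowerShell example that is not part of the thread: the device join state on the Windows 10 client (via `dsregcmd /status`) and the state of the WS-Trust username/mixed endpoints on an ADFS federation server (via the ADFS module's `Get-AdfsEndpoint` and `Enable-AdfsEndpoint`). It assumes ADFS is the federation server, which is the condition the answer sets; it does not apply to the asker's custom PHP SAML IdP, which has no such endpoints. The endpoint paths listed are the standard ADFS address paths.

```powershell
# Added example, not from the thread. Step 1 runs on the Windows 10 client;
# steps 2 and 3 run in an elevated session on the ADFS federation server.

# --- 1. Client: confirm the device is Azure AD joined or Hybrid Azure AD joined.
# dsregcmd /status reports "AzureAdJoined : YES" for AAD-joined devices;
# Hybrid-joined devices additionally report "DomainJoined : YES".
$status       = dsregcmd /status
$aadJoined    = ($status | Select-String '^\s*AzureAdJoined\s*:\s*YES') -ne $null
$domainJoined = ($status | Select-String '^\s*DomainJoined\s*:\s*YES')  -ne $null
if ($aadJoined -and $domainJoined) { 'Device state: Hybrid Azure AD joined' }
elseif ($aadJoined)                { 'Device state: Azure AD joined' }
else { Write-Warning 'Device is not Azure AD joined; federated Windows sign-in will not work.' }

# --- 2. ADFS server: list the WS-Trust endpoints and show which are enabled.
Import-Module ADFS
# Both the WS-Trust 1.3 and WS-Trust 2005 username/mixed endpoints (standard ADFS paths).
$required = @(
    '/adfs/services/trust/13/usernamemixed',
    '/adfs/services/trust/2005/usernamemixed'
)
$wsTrust = Get-AdfsEndpoint | Where-Object { $_.Protocol -eq 'WS-Trust' }
$wsTrust | Select-Object AddressPath, Enabled, Proxy, Protocol |
    Format-Table -AutoSize   # this is the list the answer asks to share

# --- 3. Enable any required endpoint that is disabled, then restart ADFS.
$changed = $false
foreach ($path in $required) {
    $ep = $wsTrust | Where-Object { $_.AddressPath -eq $path }
    if ($null -eq $ep) { Write-Warning "Endpoint $path not found on this farm"; continue }
    if (-not $ep.Enabled) {
        # Enables the endpoint on the federation server only. It is deliberately NOT
        # published through the Web Application Proxy here; that would need
        # Set-AdfsEndpoint -TargetAddressPath $path -Proxy $true and widens exposure
        # of a password-accepting endpoint to the internet.
        Enable-AdfsEndpoint -TargetAddressPath $path
        "Enabled $path"
        $changed = $true
    }
}
if ($changed) { Restart-Service adfssrv }   # endpoint changes take effect after a service restart
```

Run step 1 on the client first: if `dsregcmd /status` does not show the device as Azure AD joined or Hybrid joined, no endpoint change on the federation server will help. If the device is joined and the username/mixed endpoints are enabled but sign-in still fails, the federation server is not answering WS-Trust requests, which is the situation the asker describes with a SAML-only IdP.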

  2. GribouilleVert 96 Reputation points
    2021-10-04T08:04:07.04+00:00

    @VipulSparsh-MSFT I do not use a local Active Directory server; my federation is a custom implementation of the SAML 2.0 protocol. It is available at gateway.vasco.network (https://gateway.vasco.network/saml/metadata.xml).

    The only config I can provide you is the SAML server one (which I doubt will be of any use).


  3. Limitless Technology 39,351 Reputation points
    2021-10-04T09:16:30.807+00:00

    Hi there,

    Yes, you can log in to Windows using the SAML 2.0 federated domain. The Microsoft identity platform uses the SAML 2.0 protocol to enable applications to provide a single sign-on experience to their users.

    Use a SAML 2.0 Identity Provider (IdP) for Single Sign-On
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp

    Federation with SAML/WS-Fed identity providers for guest users
    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/direct-federation



  4. GribouilleVert 96 Reputation points
    2021-10-05T06:28:50.717+00:00

    Oh! OK, well, thank you very much!
