Azure AD SSO prompts for email address

Tilicho 6 Reputation points
2023-10-16T14:43:47.6566667+00:00

Just migrated from 2012 R2 with a SQL backend to ADFS 2022 with WID using the ADFS Rapid Restore Tool.

There are two 2022 proxies on the front behind a load balancer. Each proxy has a hosts file entry pointing the SSO DNS name to one specific ADFS server.

The domain is federated in Azure AD.

SSO works fine when connecting to relying parties within the 2022 ADFS farm. However, when connecting to applications with a trust in Azure AD SSO, it prompts for an email address (even when coming through a signed-in session; yes, the first time it redirects you to the ADFS login page because of federation) before it lets you into the application. This was not the case in the 2012 R2 environment. The sign-in process was smooth for the Azure AD SSO based applications in that environment.

Is there a way to bypass that extra email prompt step during the sign on process?

Microsoft Security | Active Directory Federation Services
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-10-18T19:23:11.1833333+00:00

    Hi @Tilicho, without seeing your environment it's hard to pinpoint where the issue is, but we can try some steps to troubleshoot.

    One possible reason for the extra email prompt step during the sign-on process could be that the Azure AD SSO configuration needs to be updated to reflect the changes made during the migration.

    I would recommend checking the Azure AD SSO configuration to ensure that it is set up correctly and that the trust relationship between Azure AD and ADFS is properly configured. You can also check the Azure AD SSO logs to see if there are any errors or issues that could be causing the problem.

    Another possible reason for the issue could be related to the load balancer configuration. It is possible that the load balancer is not properly configured to handle the SSO requests, which could be causing the extra email prompt step during the sign-on process. You can also check the load balancer logs to see if there are any errors or issues that could be causing the problem.

    If nothing here works please let me know and we can open a support ticket for you.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
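As an added example (not code from the thread or from Microsoft), here is a PowerShell check for the configuration comparison the answer recommends: it reads the issuer URI, passive sign-in endpoint and token-signing certificate that Entra ID holds for the federated domain and compares them with what the restored ADFS 2022 farm actually presents. It assumes it is run on one of the ADFS 2022 servers with the Microsoft.Graph PowerShell module installed and an account that can consent to Domain.Read.All; the domain name is a placeholder.

```powershell
# Added example: compare Entra ID's federation record for the domain with the live ADFS 2022 farm.
# Assumptions: run on an ADFS 2022 server; Microsoft.Graph module installed; $Domain is a placeholder.
param([string]$Domain = "contoso.example")

Import-Module ADFS
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes "Domain.Read.All" | Out-Null

# What the ADFS farm presents: federation service identifier, WS-Fed/SAML passive endpoint,
# and the thumbprint of the primary token-signing certificate.
$adfsIssuer  = (Get-AdfsProperties).Identifier.AbsoluteUri.TrimEnd('/')
$adfsPassive = (Get-AdfsEndpoint -AddressPath "/adfs/ls/" | Select-Object -First 1).FullUrl.AbsoluteUri.TrimEnd('/')
$adfsSigning = (Get-AdfsCertificate -CertificateType Token-Signing |
                Where-Object { $_.IsPrimary }).Certificate.Thumbprint

# What Entra ID has on record for the federated domain. SigningCertificate is the
# base64 DER certificate, so rebuild it to get a comparable thumbprint.
$fed = Get-MgDomainFederationConfiguration -DomainId $Domain
$entraIssuer  = $fed.IssuerUri.TrimEnd('/')
$entraPassive = $fed.PassiveSignInUri.TrimEnd('/')
$entraSigning = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
                    [Convert]::FromBase64String($fed.SigningCertificate)).Thumbprint

# Side-by-side report. A False in any row means Entra ID still describes something
# other than the farm users are now hitting, which is exactly the drift a migration can leave behind.
@(
  [pscustomobject]@{ Setting = 'IssuerUri';             ADFS = $adfsIssuer;  EntraID = $entraIssuer;  Match = ($adfsIssuer  -eq $entraIssuer)  }
  [pscustomobject]@{ Setting = 'PassiveSignInUri';      ADFS = $adfsPassive; EntraID = $entraPassive; Match = ($adfsPassive -eq $entraPassive) }
  [pscustomobject]@{ Setting = 'TokenSigningThumbprint'; ADFS = $adfsSigning; EntraID = $entraSigning; Match = ($adfsSigning -eq $entraSigning) }
) | Format-Table -AutoSize
```

Run it against each ADFS server in turn (the proxies pin the SSO name to one server each, so every server must present the same values); a mismatch is fixed on the Entra ID side by updating the domain federation configuration, not by editing the farm.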

