This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 36%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Just migrated from 2012 r2 with sql backend to ADFS 2022 WID using adfs rapid restore tool.
There are two 2022 proxy on the front behind a load balancer. Each proxy has host file for sso dns point to one specific adfs server.
The domain is federated in Azure AD.
SSO works fine when connecting to relying parties within 2022 ADFS farm. However, when connecting to applications with trust in Azure AD SSO it prompts for an email address (even when through a signed in session. Yes, the first time it redirects you to the adfs login page because of federation) before it lets you into to the application. This was not the case in 2012 r2 environment. The sign in process was smooth for the azure ad sso based application in that environment.
Is there a way to bypass that extra email prompt step during the sign on process?
would be great if you could shed some light on this.
Hi @Tilicho , without seeing your environment it's hard to pinpoint where the issue is, but we can try some steps to troubleshoot.
One possible reason for the extra email prompt step during the sign-on process could be that the Azure AD SSO configuration needs to be updated to reflect the changes made during the migration.
I would recommend checking the Azure AD SSO configuration to ensure that it is set up correctly and that the trust relationship between Azure AD and ADFS is properly configured. You can also check the Azure AD SSO logs to see if there are any errors or issues that could be causing the problem.
Another possible reason for the issue could be related to the load balancer configuration. It is possible that the load balancer is not properly configured to handle the SSO requests, which could be causing the extra email prompt step during the sign-on process. You can also check the load balancer logs to see if there are any errors or issues that could be causing the problem.
If nothing here works please let me know and we can open a support ticket for you.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
Thank you. It is not load balancer related. We took the old proxy out and replaced with new ones in the same load balancer virtual service.
The difference here is we increased the farm behavior level to 4. Else, everything is similar since this system was built using the backup from the adfs rapid restore tool.