Azure AD SSO prompts for email address

Tilicho 6 Reputation points
2023-10-16T14:43:47.6566667+00:00

Just migrated from 2012 R2 with a SQL backend to ADFS 2022 WID using the ADFS Rapid Restore tool.

There are two 2022 proxies in front, behind a load balancer. Each proxy has a hosts file entry pointing the SSO DNS name to one specific ADFS server.

The domain is federated in Azure AD.

SSO works fine when connecting to relying parties within the 2022 ADFS farm. However, when connecting to applications with a trust in Azure AD SSO, it prompts for an email address (even when coming through a signed-in session; yes, the first time it redirects you to the ADFS login page because of federation) before it lets you into the application. This was not the case in the 2012 R2 environment. The sign-in process was smooth for the Azure AD SSO based applications in that environment.

Is there a way to bypass that extra email prompt step during the sign on process?


1 answer

  1. James Hamil 23,216 Reputation points Microsoft Employee
    2023-10-18T19:23:11.1833333+00:00

    Hi @Tilicho , without seeing your environment it's hard to pinpoint where the issue is, but we can try some steps to troubleshoot.

    One possible reason for the extra email prompt step during the sign-on process could be that the Azure AD SSO configuration needs to be updated to reflect the changes made during the migration.

    I would recommend checking the Azure AD SSO configuration to ensure that it is set up correctly and that the trust relationship between Azure AD and ADFS is properly configured. You can also check the Azure AD SSO logs to see if there are any errors or issues that could be causing the problem.

    Another possible reason for the issue could be related to the load balancer configuration. It is possible that the load balancer is not properly configured to handle the SSO requests, which could be causing the extra email prompt step during the sign-on process. You can also check the load balancer logs to see if there are any errors or issues that could be causing the problem.

    If nothing here works please let me know and we can open a support ticket for you.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
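One concrete way to do the trust check the answer recommends is to compare what Entra ID (Azure AD) has recorded for the federated domain against what the migrated ADFS 2022 farm actually presents. This is an added example, not code from the original thread or from Microsoft; it assumes the ADFS PowerShell module (run on a federation server) and the Microsoft.Graph SDK with `Domain.Read.All` consent, and `federated-domain.example` is a placeholder for your domain.

```powershell
# Added example: side-by-side view of the federation trust after an ADFS migration.
# Assumptions: run on an ADFS 2022 server (ADFS module present) with the
# Microsoft.Graph PowerShell SDK installed. Domain name below is a placeholder.
$DomainName = 'federated-domain.example'

Import-Module ADFS
Connect-MgGraph -Scopes 'Domain.Read.All'

# What Entra ID believes about the domain (recorded when federation was set up)
$cloud = Get-MgDomainFederationConfiguration -DomainId $DomainName

# What the farm actually uses today
$props   = Get-AdfsProperties
$signing = Get-AdfsCertificate -CertificateType Token-Signing |
           Where-Object { $_.IsPrimary }

# Entra stores the signing certificate as base64; turn it into a thumbprint
$cloudCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($cloud.SigningCertificate))

# name => @(value Entra holds, value the ADFS farm presents)
$checks = [ordered]@{
    'IssuerUri'         = @($cloud.IssuerUri,        $props.Identifier)
    'PassiveSignInUri'  = @($cloud.PassiveSignInUri, "https://$($props.HostName)/adfs/ls/")
    'SigningThumbprint' = @($cloudCert.Thumbprint,   $signing.Certificate.Thumbprint)
}

foreach ($name in $checks.Keys) {
    $expected, $actual = $checks[$name]
    $status = if ($expected -eq $actual) { 'OK' } else { 'MISMATCH' }
    '{0,-8} {1,-18} Entra={2}  ADFS={3}' -f $status, $name, $expected, $actual
}
```

Any MISMATCH line points at a trust setting that still describes the old farm (for example a token-signing certificate that changed during the move) and is the first thing to reconcile before opening a support ticket.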