This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 64%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi,
How can a service account in active directory sign in to azure with ADFS?
It seems like when using ADFS, the domain user has to enter his credentials to a login page. What should a service account do in the same case (as it is not an interactive user...)?
Can Entra ID define if it is a service account or a regular domain user based on its sign in details or any other details?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
If you want create a service account Cloud only in Entra ID , yu should shoose a non federated domain (xxxx.onmicrosoft.com) to bypass federation redirection for service account authentication:
If the service account is a synced account , it will be redirected to federation service for authentication.
Please don't forget to accept helpfull answer
I see, so you said that - "If the service account is a synced account, it will be redirected to federation service for authentication." In that case, I guess, he won't be able to log in (because he will have to enter interactively his credentials to the WAP). Am I right?
If I am not right, what authentication method will be used (ADFS + ROPC) ?
Yes. From My point of view , if you need a service account to be used on service in Azure you should use a cloud only account. The service account created in on-premise active directory should be used only on on-premise service.
When you create a service account cloud only in Entra ID you should also disable MFA authentication.
Please don't forget to accept helpful answer
So, in case that service account is a synced account -> The service account just will try to log in to the adfs login page and get stuck.in case we set it as a cloud user, it signs in as ROPC. Thanks!
So, in case that service account is a synced account -> The service account just will try to log in to the adfs login page and get stuck.in case we set it as a cloud user, it signs in as ROPC.
Thanks!