Windows logon to be used for Entra ID

Question

Hello,

If a user logged on to Windows using domain account could we use that (and if so, how) to authenticate the user for calls to Web apps and APIs through Entra ID?

The general idea is that user logs onto the computer and does not need to log on to the web app again, because it has already been authenticated by domain account. However a user that accesses the web app or API from outside (using account that is not on the domain) should still be authenticated.

Thanks in advance

Answer 1

Hi @Mumelas, Goran

Thank you for posting this in Microsoft Q&A.

I understand you query is related to using Windows logon to authenticate users for calls to Web apps and APIs through Entra ID.

Yes, it is possible to use a user's domain account to authenticate them for calls to web apps and APIs through Entra ID. This can be achieved by using Integrated Windows Authentication (IWA), which allows users to authenticate to web applications using their Windows domain credentials. With IWA, when a user accesses a web application from a domain-joined computer, the web application can use the user's Windows domain credentials to authenticate them without requiring them to enter their username and password again. This provides a seamless and secure authentication experience for users.

To enable IWA for your web application, you will need to configure your web server to support IWA and configure your web application to use IWA for authentication.

please follow the steps which mentioned in this document: https://learn.microsoft.com/en-us/iis/configuration/system.webServer/security/authentication/windowsAuthentication/

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions.