Windows logon to be used for Entra ID

Mumelas, Goran 0 Reputation points
2024-06-04T11:49:40.2066667+00:00

Hello,

If a user logged on to Windows using domain account could we use that (and if so, how) to authenticate the user for calls to Web apps and APIs through Entra ID?

The general idea is that user logs onto the computer and does not need to log on to the web app again, because it has already been authenticated by domain account. However a user that accesses the web app or API from outside (using account that is not on the domain) should still be authenticated.

Thanks in advance

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,123 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Navya 5,405 Reputation points Microsoft Vendor
    2024-06-06T09:55:15.5933333+00:00

    Hi @Mumelas, Goran

    Thank you for posting this in Microsoft Q&A.

    I understand you query is related to using Windows logon to authenticate users for calls to Web apps and APIs through Entra ID.

    Yes, it is possible to use a user's domain account to authenticate them for calls to web apps and APIs through Entra ID. This can be achieved by using Integrated Windows Authentication (IWA), which allows users to authenticate to web applications using their Windows domain credentials. With IWA, when a user accesses a web application from a domain-joined computer, the web application can use the user's Windows domain credentials to authenticate them without requiring them to enter their username and password again. This provides a seamless and secure authentication experience for users.

    To enable IWA for your web application, you will need to configure your web server to support IWA and configure your web application to use IWA for authentication.

    please follow the steps which mentioned in this document: https://learn.microsoft.com/en-us/iis/configuration/system.webServer/security/authentication/windowsAuthentication/

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions.

    0 comments No comments