Single sign on for on-premise forms based application

Kanishka Jayawardene 1 Reputation point

We have a SharePoint 2016 web site which uses forms-based authentication for users. Recently I was asked to implement MFA for the application. I was able to implement Azure Application Proxy to achieve this, meaning pre-authentication happens in Azure and, once the user is authenticated, he/she is redirected to the on-premise login page.

1) What are the options available to skip the two login pages and have a single sign-on feature?

2) Is there a way to create an Azure security token from our login page for each authenticated user and just have the MFA check only?
(For instance, to call the Azure Active Directory endpoint with the custom-created token from code-behind.)

Any help would be really appreciated.


2 answers

  1. 2020-12-10T21:01:40.95+00:00

    Hello, "Enable remote access to SharePoint with Azure AD Application Proxy" details how to protect your on-premise SharePoint with Azure AD, Azure AD Connect and Application Proxy; however, it requires Windows Integrated Authentication (which relies on Kerberos tickets) and does not support Forms authentication, which relies on cookies.

    In order to get MFA displayed or requested you have to first input your credentials, you cannot replace this with a security token of any kind.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

  2. Echo Du_MSFT 17,116 Reputation points

    Hello @Kanishka Jayawardene ,

    If you configure Multi-Factor Authentication under the Global environment, all users are forced to use MFA on the sign-in page.
    If you configure Multi-Factor Authentication for each relying party trust, then the corresponding relying party users must use MFA on the login page.

    You could refer to the following article:

    Echo Du

