How to Enable Entra ID User Login and User Switch in a Hybrid Environment

raiga21 0 Reputation points
2024-11-13T21:40:28.84+00:00

In a hybrid environment where machines are joined to Entra ID and password hash sync is enabled, attempts to log in with users that are not cached on the local machine but are part of both Active Directory and Entra ID result in an error stating that the domain is not reachable.

It appears that the authentication process is attempting to connect to the local Active Directory instead of using Entra ID for authentication.

Is there a specific setting that needs to be adjusted to prioritize Entra ID authentication, or is there a configuration that might be missing?

  1. Neuvi Jiang 1,540 Reputation points Microsoft External Staff
    2024-11-14T07:50:02.7633333+00:00

    Hi raiga21,

    Thank you for posting in the Q&A Forums.

    I. Enabling Entra ID Authentication

    Verify the user's identity:

    Ensure that the user has been created in Active Directory (AD) and that their UPN (User Principal Name) matches the email address in Entra ID.

    The user must be authorized in Entra ID to access the required resources.

    Configure password hash synchronization:

    If not already configured, ensure that Password Hash Synchronization (PHS) has been enabled to synchronize user password hashes from AD to Entra ID.

    This allows users to log in with the same password in a mixed environment.

    Configure Seamless Single Sign-On (SSO):

    Enabling Seamless SSO improves the user experience by eliminating the need for users to switch between entering credentials locally and in the cloud.

    This typically involves configuring the AD Federation Authentication Service (AD FS) or using another authentication provider.

    Configure device enrollment and joining:

    Ensure that the device is registered in Entra ID and can access the required resources.

    This typically involves installing and configuring the appropriate software on the device, such as Workplace Join or Microsoft Intune.

    II. Configuring User Switching

    Use multiple sessions or a dedicated browser:

    In a mixed environment, users may need to use different sessions or browsers to log in to different resources.

    Consider using a multi-session browser (such as Microsoft Edge's InPrivate session) or different browsers to avoid credential conflicts.

    Configure conditional access policies:

    Use conditional access policies in Entra ID to control user access to resources.

    This ensures that users are authenticated and authorized based on their location and identity when they attempt to access a resource.

    Use an application proxy:

    If you need to access local resources, consider using Entra ID's Application Proxy feature.

    This allows users to access local applications through the cloud without having to connect directly to the local network.

    Configure Single Sign-On (SSO):

    For scenarios that require users to switch between applications, configuring SSO can simplify the login process.

    This typically involves configuring the application's SSO settings in Entra ID and ensuring that users have the appropriate permissions.

    III. Resolving Authentication Issues

    Check authentication methods:

    Ensure that authentication methods (e.g., password hash synchronization, federated authentication, etc.) are properly configured and running.

    Check for any authentication errors or warnings and troubleshoot as needed.

    Update client settings:

    Ensure that the client computer has been updated to the latest operating system and browser version.

    Clear the browser cache and old credentials in the Credential Manager to ensure that the latest credentials are used for authentication.

    Check DNS and network settings:

    Ensure that the DNS settings are correct and that the Entra ID domain names can be resolved.

    Check network settings to ensure that access to Entra ID is not blocked.

    Best regards

    NeuviJ

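The device-registration, endpoint and DNS checks listed in sections I and III of the answer, gathered into one diagnostic script; this is an added example, not code from the Q&A answer or from Microsoft, and it assumes it is run on the affected hybrid-joined client as the signed-in user, with $DomainFqdn defaulting to the on-premises AD DNS name.

```powershell
# Added diagnostic for the "domain is not reachable" sign-in problem described in the question.
# Assumption: run on the hybrid-joined Windows client in the signed-in user's context
# (AzureAdPrt is only reported for the user running dsregcmd).
param(
    [string]$DomainFqdn = $env:USERDNSDOMAIN   # assumption: on-premises AD DNS name
)

# 1. Registration state: parse the "Key : Value" lines printed by dsregcmd /status.
$state = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
foreach ($key in 'DomainJoined', 'AzureAdJoined', 'EnterpriseJoined', 'AzureAdPrt', 'TenantName') {
    '{0,-18} {1}' -f $key, $state[$key]
}
# A hybrid-joined device must report both DomainJoined and AzureAdJoined as YES.
if ($state['DomainJoined'] -ne 'YES' -or $state['AzureAdJoined'] -ne 'YES') {
    Write-Warning 'Device is not hybrid Entra joined; check device enrollment (section I).'
}
# AzureAdPrt NO means the user never obtained a Primary Refresh Token from Entra ID.
if ($state['AzureAdPrt'] -ne 'YES') {
    Write-Warning 'No Primary Refresh Token for this user; Entra ID sign-in did not complete.'
}

# 2. Entra ID and Seamless SSO endpoints must resolve in DNS and accept TCP 443 (section III).
$endpoints = 'login.microsoftonline.com', 'device.login.microsoftonline.com',
             'enterpriseregistration.windows.net', 'autologon.microsoftazuread-sso.com'
foreach ($name in $endpoints) {
    $dns = Resolve-DnsName -Name $name -ErrorAction SilentlyContinue
    $tcp = $false
    if ($dns) {
        $tcp = (Test-NetConnection -ComputerName $name -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    '{0,-40} DNS={1,-5} TCP443={2}' -f $name, [bool]$dns, $tcp
}

# 3. Domain controller locator: this is the lookup that fails when Windows reports
#    that the domain is not reachable during sign-in of a non-cached AD user.
nltest /dsgetdc:$DomainFqdn 2>&1 | Select-Object -First 3
```

Rows showing DNS=False or TCP443=False point at the DNS or network blocking the answer describes; a failing nltest lookup shows the client cannot locate a domain controller for the on-premises domain.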

