Federated authentication between Azure Active Directory and SharePoint on-premise 2013 Web Application.

Question

Federated authentication between Azure Active Directory and SharePoint on-premise 2013 Web Application.

Sajith Gopalakrishnan Hema 1,056

The requirement is federated authentication between Azure Active Directory and SharePoint on-premise 2013 Web Application. The goal is to allow users to sign in on Azure Active Directory and use their identity to access the SharePoint on-premises sites.

There is an IOS Mobile App which is connected to SharePoint 2013 using Rest API uses basic authenticaion as shown below.From the mobile ios App, files are uploaded to SharePoint 2013 Document Libraries.

Also the Web Application contains SSRS Reports. How to handle permissions for these ? Is there any particular steps required for these ?

1 answer

Your answer

Answer 1

Jerry Xu-MSFT 7,961

Hi, @Sajith Gopalakrishnan Hema ,

For implementing federated authentication between Azure Active Directory and SharePoint on-premises, please follow this tutorial with detailed steps inside.

To configure a web application in SharePoint to trust the Azure AD Enterprise application created above. There are important rules to have in mind:

The default zone of the SharePoint web application must have Windows authentication enabled. This is required for the Search crawler.
The SharePoint URL that will use Azure AD authentication must be set with HTTPS.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Sajith Gopalakrishnan Hema 1,056 Reputation points

2021-05-19T05:45:57.79+00:00

Thanks for the information.

For https, can we have an organizational SSL Certificate or Third Party External Certificate like GoDaddy required ?

Does IOS App and SSRS Report will work as expected with Azure AD Authentication ?
Jerry Xu-MSFT 7,961 Reputation points

2021-05-21T08:48:55.087+00:00

Hi, @Sajith Gopalakrishnan Hema ,
Self-signed certificates are suitable only for test purposes. In production environments, we strongly recommend that you use certificates issued by a certificate authority instead.

For M365, basic authentication will be retired, if you are going to use Microsoft account in Azure AD for daily work, it may be better to consider moving to modern authentication. If only use the synced local AD accounts, they shall still work AFAIK.
Sajith Gopalakrishnan Hema 1,056 Reputation points

2021-05-23T15:37:12.47+00:00

Thanks for the update.

Is it possible to revert the Azure AD Authenticaion ? After configuring Azure AD Authentication, how to remove from the SharePoint Environment ?

Can we use basic authentication for Azure AD Users (synced local AD accounts) ? For users only available in Azure AD, basic authentication will not supported right ?
Jerry Xu-MSFT 7,961 Reputation points

2021-05-25T02:59:33.88+00:00

Hi @Sajith Gopalakrishnan Hema ,

No need to revert federated authentication with Azure AD as you can choose different authentication provider in different zones in a web application. Or you can simply create 2 web applications, the new one using AAD federated authentication and the old one still keeps the old settings. Just like the tutorial I provide at the very beginning, you can create a new web application for AAD federated auth.

As I am not an expert on Azure AD, it will be better to open a support ticket in Azure AD to get more detailed instructions on your scenarios concerning Azure.

Share via

Federated authentication between Azure Active Directory and SharePoint on-premise 2013 Web Application.

1 answer

Your answer