Keep ADFS functionning if on-prem DCs are unavailable

SomeName-4319 1 Reputation point
2022-03-25T19:45:37.85+00:00

I have been tasked with getting SSO working for a few of our vendors (none have an Azure enterprise app) so ADFS I am thinking. I have an on-prem domain with Azure AD sync configured for our Azure tenant, Office 365 only. I was getting ready to map out the project when the project changed. I need to have the ability for my users to login to our vendor sites using SSO if connectivity to my DCs goes down. To achieve my goal of SSO with some kind of failover I am thinking AADDS (or would building out a Azure VM DC\VPN solution be better) and running an ADFS VM in Azure. Would this work? Is there another way to keep logins working if connectivity to my on-prem DCs goes down? Also, I am thinking the Azure VM DC will not work because of the VPN requirement, I have many remote users.

How to keep SSO logins working if on-prem DCs are unavailable?

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,214 questions
Microsoft Entra
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Devaraj G 2,091 Reputation points
    2022-03-27T14:04:28.133+00:00

    Hi Some, Thanks for posting.

    ADFS will not function without functional domain controllers. Since the DCs are required to process the claim request.

    if its an internal apps, you should be able to leverage app registration to hook the application with AAD.

    0 comments No comments

  2. SomeName-4319 1 Reputation point
    2022-03-29T14:32:54.237+00:00

    I cannot use AADDS to fulfil the claim request? I have to have a DC?