I have been tasked with getting SSO working for a few of our vendors (none have an Azure enterprise app), so I am thinking ADFS. I have an on-prem domain with Azure AD sync configured for our Azure tenant, Office 365 only. I was getting ready to map out the project when the project changed. I need to have the ability for my users to log in to our vendor sites using SSO if connectivity to my DCs goes down. To achieve my goal of SSO with some kind of failover, I am thinking AADDS (or would building out an Azure VM DC\VPN solution be better) and running an ADFS VM in Azure. Would this work? Is there another way to keep logins working if connectivity to my on-prem DCs goes down? Also, I am thinking the Azure VM DC will not work because of the VPN requirement; I have many remote users.
How to keep SSO logins working if on-prem DCs are unavailable?