Using Azure AD Connect as SAML IdP

asked 2020-08-27T15:45:17.187+00:00
Penny Morgan 1 Reputation point

I have a client trying to determine how they wish to manage cloud identities. Here is their statement and question:
"We are still looking into whether to use AD Connect in PTA or Password Hash mode. We are also looking at purchasing SAML-capable software. Would we be able to use Azure AD as our SAML ID source using either of the AD Connect modes?"

I've found articles indicating Azure AD itself can be a SAML source (or ADFS can be), but I haven't been able to find much about whether or not the AD Connect configuration has an impact on this.

Any information/recommendations are appreciated!

Thank you!

Azure Active Directory

1 answer

  1. answered 2020-08-27T16:40:26.02+00:00
    Andy David - MVP 108.6K Reputation points Microsoft MVP

    Sure, Azure can be used as the SAML source in all three scenarios.

    In all cases, Azure will know where to authenticate against as the Identity Provider.

    Personally, PHS/SSSO is the way to go if you can :)

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
