Using Azure AD Connect as SAML IdP

Penny Morgan 1 Reputation point
2020-08-27T15:45:17.187+00:00

I have a client trying to determine how they wish to manage cloud identities. Here is their statement and question:
"We are still looking into whether to use AD Connect in PTA or Password Hash mode. We are also looking at purchasing SAML capable software. Would we be able to use Azure AD as our SAML ID source using either of the AD Connect modes?"

I've found articles indicating Azure AD itself can be a SAML source (or ADFS can be), but I haven't been able to find much about whether or not the AD Connect configuration has an impact on this.

Any information/recommendations are appreciated!

Thank you!

1 answer

  1. Andy David - MVP 142.3K Reputation points MVP
    2020-08-27T16:40:26.02+00:00

    Sure, Azure can be used as the SAML source in all three scenarios.

    In all cases, Azure will know where to authenticate against as the Identity Provider.

    Personally, PHS/SSSO is the way to go if you can :)

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

    1 person found this answer helpful.