[MSDN Redirect] Hybrid federated domain with AAD Connect and SAML Auth

Question

We are hybrid with Azure and sync onprem AD via AAD connect . We don't have password hash sync turned on. So all authentication are via on-prem ADFS-3.
Question is, can we use Azure AD as SAML IDP to authenticate users instead of using onprem ADFS for specific application? The scenario is that we would like to grant access to SharePoint onprem to users with in organisation and outside the organisation. Using ADFS as IDP restrict us to provide Auth to internal users only. If we could use Azure as IDP to auth SharePoint onPrem we can get external users to authenticate also. At least that is my understanding.
This is sharePoint onprem Not sharePoint online.

Source: https://social.msdn.microsoft.com/Forums/en-US/f4b04211-ed40-4212-9f19-c8be81d79d5b/hybrid-federated-domain-with-aad-connect-and-saml-auth?forum=ssdsgetstarted

Answer 1

@sashar-msft this is possible per the doc here : https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sharepoint-on-premises-tutorial

The fact that the accounts are pass-through auth might pose an issue. It shouldn't be an issue because there is Seamless-SSO for On-Prem Accounts, per : https://jaapwesselius.com/2017/11/06/single-sign-on-and-azure-ad-connect-pass-through-authentication/ and
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso

In which case the accounts will need password hash sync setup accordingly. In addition to that there are docs on how to setup sharepoint on prem sso here:
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sharepoint-on-premises-tutorial

If there are any issues with either of those docs please submit a github issue accordingly and the docs will be updated per the issue.

Please remember to mark an answer as answered if this was able to resolve your issue. Thanks!