onPremisesPublishingSingleSignOn resource type

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents the single sign-on settings for the onPremisesPublishing resource when publishing an on-premises application with Azure AD Application Proxy. This resource is used for setting Integrated Windows Authentication and header-based authentication as the single-sign on mode. For more information, see Kerberos Constrained Delegation for single-sign on to your apps with Application Proxy.


Do not use this property for configuring SAML or password-based single-sign on. If you are configuring SAML single-sign-on this must be set on the servicePrincipal. If you are configuring password-based single-sign this must be set using createPasswordSingleSignOnCredentials.


Property Type Description
kerberosSignOnSettings kerberosSignOnSettings The Kerberos Constrained Delegation settings for applications that use Integrated Window Authentication.
singleSignOnMode singleSignOnMode The preferred single-sign on mode for the application. Possible values are: none, onPremisesKerberos, aadHeaderBased,pingHeaderBased.

JSON representation

The following is a JSON representation of the resource.

  "kerberosSignOnSettings": {"@odata.type": "microsoft.graph.kerberosSignOnSettings"},
  "singleSignOnMode": "String"