AD FS & Azure AD

Question

Hello,

I'm looking for some info/pointer.

We have a thick client app using AD FS today. Is it possible to configure AD FS to talk with Azure AD so that our thick client app still thinks it's talking to AD FS? Thanks!

Answer 1

@devtest-0781, Yes, you can configure ADFS to speak to AAD. The way you do that is by creating a federation trust between AAD and ADFS. Ideally you register O365 as an RP on ADFS and that helps in creating the federation trust between AAD and ADFS.

https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-setting-up-ad-fs-and-enabling-single-sign-on-to/ba-p/295302

Following the article above you would be able to create the federation trust between ADFS and AAD, and using AD Connect Server, you can sync the on-prem user identities to Azure AD. In this way when a user tries to access any application registered in AAD, would try to login to the app, the app would redirect the user to AAD for auth and from there AAD would forward the user to the respective ADFS server based on the federation trust, since the identity of the user lies on-prem and hence the auth responsibility is offloaded to ADFS by AAD.

This would be the general auth flow. In your case not really sure what you mean by "s it possible to configure AD FS to talk with Azure AD so that our thick client app still thinks it's talking to AD FS?". It would be great if you can throw some more light on this statement, so that it provides a better understanding and we can help you better.

Answer 2

@soumi-MSFT, I don't have an on-prem AD in this example. The users are created directly in AAD, not sync to AAD via the AD Connect Tool.

What I have today: Thick client app --> ADFS

What I'm hoping is possible: Thick client app --> ADFS --> AAD