Pass through authentication is very helpful for organization not willing to install ADFS or any other single sign on solution but still want to authenticate end users with on premise directory. Today, we will learn in screenshots, how to configure and test this feature.
- Launch Azure AD Connect.
- Supply your credentials and Navigate to User Sign-in and click on ‘Pass-through authentication‘.
- Navigate to Azure to verify current status of Pass-through Authentication Enabled.
Click on ‘Pass-through authentication’
Supply Office 365 Global Administrator credential.
Now, we can see that Only Azure AD Connect Components are installed and have only one service named ‘Microsoft Azure AD Sync’
As soon as you finish above selection, installation of Pass-through agent will start and now you will see more services and binaries in programs and features.
You can see Microsoft Azure Authentication Agent Service and program in programs and featutes.
Once above installation finishes, login to azure and you can see that 1 agent for pass through auth has been installed.
We are seeing warning that only one pass through authentication agent is installed. Let’s go and install it on another server as well.
Clicking on Pass Through Authentication, will take you to Agent Download screens. we will install agent on another machine to make it highly available and the above warning will also go away.
Download Binary and copy it to the server. Double click on the server, It will ask you for global admin credentials.
Now, you can see 2 PTA Agents are showing.
Test PTA (Pass-through authentication)
I have one user firstname.lastname@example.org synced from on prem directory. I tried login from that, it logged in successfully.
Also, I could see PTA Success event in Performance Monitor. You can use Azure AD Connect Authentication Agent Global Performance counter to Monitor.
Intentionally typed incorrect password for svcOffice365@labtest1.tk and I could see PTA Failure event in Performance Monitor.
Thank you for reading !