What is Azure Active Directory Seamless Single Sign-On?
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don't need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.
This feature is not applicable to Active Directory Federation Services (ADFS), which already includes this capability.
Key benefits of using Azure AD Seamless SSO
- Great user experience
- Users are automatically signed into both on-premises and cloud-based applications.
- Users don't have to enter their passwords repeatedly.
- Easy to deploy & administer
- No additional components needed on-premises to make this work.
- Works with any method of managed authentication - Password Hash Synchronization or Pass-through Authentication.
- Can be rolled out to some or all your users using Group Policy.
- Register non-Windows 10 devices with Azure AD. This needs version 2.1 or later of the workplace-join client.
- Sign-in username can be either the on-premises default username (
userPrincipalName) or another attribute configured in Azure AD Connect (
- Seamless SSO is an opportunistic feature. If it fails for any reason, the user sign-in experience goes back to its regular behavior - i.e, the user needs to enter their password on the sign-in page.
- If an application forwards a
domain_hint(identifying your tenant) or
login_hint(identifying the user) parameter in its Azure AD sign-in request, users are automatically signed in without them entering usernames or passwords.
- It can be enabled via Azure AD Connect.
- It is a free feature, and you don't need any paid editions of Azure AD to use it.
- It is supported on web browser-based clients and Office clients that support modern authentication on platforms and browsers capable of Kerberos authentication:
|OS\Browser||Internet Explorer||Edge||Google Chrome||Mozilla Firefox||Safari|
|Windows 10||Yes||Not supported||Yes||Yes*||N/A|
|Windows 8.1||Yes||Not supported||Yes||Yes*||N/A|
|Windows 8||Yes||Not supported||Yes||Yes*||N/A|
|Windows 7||Yes||Not supported||Yes||Yes*||N/A|
|Mac OS X||N/A||N/A||Yes*||Yes*||Not supported|
*Requires additional configuration
For Windows 10, the recommendation is to use Azure AD Join for the optimal single sign-on experience with Azure AD.