Ask Learn
PreviewPlease sign in to use this experience.
Sign inImplement manage pass-through authentication (PTA)
100 XP
Microsoft Entra pass-through authentication allows your users to sign in to both on-premises and cloud-based applications by using the same passwords. Pass-through authentication signs users in by validating their passwords directly against on-premises Active Directory.
Enable the feature
Enable pass-through authentication through Microsoft Entra Connect.
If you're installing Microsoft Entra Connect for the first time, choose the custom installation path. At the User sign-in page, choose Pass-through authentication as the Sign On method. On successful completion, a pass-through authentication agent is installed on the same server as Microsoft Entra Connect. In addition, the pass-through authentication feature is enabled on your tenant.
If you have already installed Microsoft Entra Connect by using the express installation or the custom installation path, select the Change user sign-in task on Microsoft Entra Connect, and then select Next. Then select Pass-through authentication as the sign-in method. On successful completion, a pass-through authentication agent is installed on the same server as Microsoft Entra Connect and the feature is enabled on your tenant.
Important
Pass-through authentication is a tenant-level feature. Turning it on affects the sign-in for users across all the managed domains in your tenant. If you're switching from Active Directory Federation Services (AD FS) to Pass-through authentication, you should wait at least 12 hours before shutting down your AD FS infrastructure. This wait time is to ensure that users can keep signing in to Exchange ActiveSync during the transition.