How to achieve cross app sso with ADFS not entra ID

Bayu Aji Setyawan 0 Reputation points
2024-12-03T07:48:09.0233333+00:00

Based on this article https://zcusa.951200.xyz/en-us/entra/identity-platform/msal-android-single-sign-on

How to achieve Cross APP SSO with ADFS Account?

I have my environment running full on premise with ADFS 2019, Exchange server 2019 CU 14.

I've already tried the cross app SSO with entra id. But how to achieve it with on premise account with my environment account?

My Goal is to have cross app sso but with adfs account (auto logged in with outlook). I already achieve it with entra id but can't with adfs account.

Is it possible?

Exchange Server
Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,385 questions
Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,536 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,766 questions
Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,282 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Jake Zhang-MSFT 7,925 Reputation points Microsoft Vendor
    2024-12-04T08:51:53.28+00:00

    Hi @Bayu Aji Setyawan ,

    Welcome to the Microsoft Q&A platform!

    Yes, it is possible to achieve cross-app Single Sign-On (SSO) with an ADFS account in your on-premises environment. Here is a high-level overview of the configuration steps:

    1. ADFS Configuration:
    • Set up relying party trusts for your applications.
    • Configure claims rules to pass the necessary user information.
    1. MSAL Configuration:
    • Use the authority parameter in MSAL to point to your ADFS instance.
    • Enable brokered authentication by setting the broker_redirect_uri.
    1. Ensure the Microsoft Authenticator or Intune Company Portal app is installed on the user's device.

    For detailed guidance, you can refer to the Microsoft documentation on enabling cross-app SSO using MSAL.


    Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

    Best,

    Jake Zhang


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.