2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains the Azure AD Connect user login options in detail, with an example analysis.
I believe everyone has used Azure AD Connect. Its role is to let users access local and cloud resources with the same account and password, so that the IT administrator only needs to manage the users in the local DC.
In the new version of Azure AD Connect, the user login options have changed and one item has been added: pass-through authentication. Currently, there are three authentication methods:
1) password synchronization
2) pass-through authentication
3) ADFS federated authentication
Seamless SSO has also been added. This function can be used together with password synchronization or pass-through authentication: after a user logs in to a local domain-joined PC with a domain account, they can access cloud resources directly without entering credentials.
As shown below:
Which of the above login options should we choose? Please refer to the following figure:
Browsers supported by SSO are shown in the following table:
Below, I will focus on the differences between the following two authentication methods:
1) password synchronization using SSO
2) pass-through authentication using SSO
The advantages of the above two authentication methods are as follows:
- Great user experience
  - Users are automatically signed into both on-premises and cloud-based applications.
  - Users don't have to enter their passwords repeatedly.
- Easy to deploy & administer
  - No additional components needed on-premises to make this work.
  - Works with any method of cloud authentication: Password Hash Synchronization or Pass-through Authentication.
  - Can be rolled out to some or all your users using Group Policy.
  - Register non-Windows 10 devices with Azure AD without the need for any AD FS infrastructure. This capability needs you to use version 2.1 or later of the workplace-join client.
The working principles of the above two authentication methods are shown in the following figure:
For the operation process of specific configuration, please refer to the following link:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso-quick-start
It is important to note that if we use either of the above two methods, we need to add the following URLs to the Local intranet zone of the browsers on all domain-joined PCs:
https://autologon.microsoftazuread-sso.com
https://aadg.windows.net.nsatc.net
As shown below:
We can add them through Group Policy (the link above also describes this process).
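To confirm that the Group Policy actually reached a PC, the following added example (not part of the original article) checks whether the two URLs listed above are assigned to the Local intranet zone (zone 1). It assumes the URLs were deployed with the "Site to Zone Assignment List" policy, which writes to the `ZoneMapKey` registry locations shown; sites added by hand in Internet Options are not covered. The function name `Get-PolicyZone` is hypothetical.

```powershell
# Added example: audit the "Site to Zone Assignment List" policy for the two
# Seamless SSO URLs named in the article. Zone value "1" = Local intranet.
$requiredUrls = @(
    'https://autologon.microsoftazuread-sso.com',
    'https://aadg.windows.net.nsatc.net'
)

# Registry locations written by the policy (user and computer configuration).
$policyKeys = @(
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)

function Get-PolicyZone {
    param([Parameter(Mandatory)][string]$Url)
    foreach ($path in $policyKeys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        # Accept the entry with or without a trailing slash, but nothing broader,
        # so a wildcard or unrelated intranet entry does not count as a match.
        foreach ($name in @($Url, "$Url/")) {
            $zone = $key.GetValue($name)
            if ($null -ne $zone) {
                return [pscustomobject]@{ Url = $Url; Zone = [string]$zone; Source = $path }
            }
        }
    }
    return [pscustomobject]@{ Url = $Url; Zone = $null; Source = $null }
}

$results = $requiredUrls | ForEach-Object { Get-PolicyZone -Url $_ }
$results | Format-Table -AutoSize

# Any URL that is missing or mapped to a zone other than 1 breaks seamless SSO
# for that browser, so report it and return a non-zero exit code.
$missing = $results | Where-Object { $_.Zone -ne '1' }
if ($missing) {
    Write-Warning ('Not in the Local intranet zone via policy: ' + ($missing.Url -join ', '))
    exit 1
}
Write-Output 'Both Seamless SSO URLs are assigned to the Local intranet zone (1) by policy.'
```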
The important difference is:
With password synchronization plus SSO, if the local Azure AD Connect fails, a credential prompt appears when the user logs in to a cloud resource. Because password synchronization has already synchronized the local user's password hash to Azure AD, we only need to enter the user name and password of the local account to log in.
With pass-through authentication plus SSO, if the local Azure AD Connect fails, the user cannot log in to cloud resources, because this authentication method does not synchronize the user's password to Azure AD.
Therefore, if we are using pass-through authentication with SSO, a highly available deployment is recommended.