SSSO to ADFS with Hybrid Cloud Trust and Intune
Really quick one today. As you start migrating to Azure AD, you may find the occasional legacy application that’s ADFS dependent. In my environment, we have an application that’s using Windows session login and ADFS to enter the application, and we can’t move it away from that yet. We are, however, moving to pure AADJ joins and, as a result, needed to get SSSO functional with this legacy app. We stood up HCT earlier, and that made it really simple to complete: we just needed to set up a trusted site list in Intune.
The first step is to enter Intune and create a “Settings Catalog” configuration profile for a “Site to Zone Assignment List”.
Once there, you’ll need to enable it, then start adding sites to the zone assignment list. For the SSSO, it worked for me on the Intranet setting.
There is a guide available here from Microsoft on the formats they accept for the name, and which zone each of the values is associated with.
Policy CSP - InternetExplorer - Windows Client Management
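To confirm on a client what the profile actually delivered, the following is an added example and not part of the original post. It assumes the policy lands in the standard `ZoneMapKey` policy registry location, uses zone numbers 1 to 4 as in the Microsoft guide, and uses `adfs.contoso.example` as a placeholder host name.

```powershell
# Added example: audit the Site to Zone Assignment List as it lands on a client.
# Assumption: the policy is written to the standard ZoneMapKey policy location.
# 'adfs.contoso.example' is a placeholder; pass your federation service host.
param(
    [string]$AdfsHost = 'adfs.contoso.example'
)

$zoneNames = @{ '1' = 'Intranet'; '2' = 'Trusted Sites'; '3' = 'Internet'; '4' = 'Restricted Sites' }
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)

# Each registry value name is a site; its data is the zone number.
$entries = foreach ($key in $policyKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $zone = [string]$item.GetValue($name)
        [pscustomobject]@{
            Scope    = $key.Substring(0, 4)
            Site     = $name
            Zone     = $zone
            ZoneName = if ($zoneNames.ContainsKey($zone)) { $zoneNames[$zone] } else { 'Unknown' }
            # The Intranet zone allows automatic Windows logon by default, so
            # flag Intranet entries that are cleartext HTTP or contain a wildcard.
            Review   = ($zone -eq '1') -and ($name -match '^http://|\*')
        }
    }
}

$entries | Format-Table -AutoSize

# Report where the ADFS host ended up.
$adfs = $entries | Where-Object { $_.Site -like "*$AdfsHost*" }
if (-not $adfs) {
    Write-Warning "$AdfsHost is not in the Site to Zone Assignment List; check profile assignment and sync."
} elseif ($adfs | Where-Object { $_.Zone -ne '1' }) {
    Write-Warning "$AdfsHost is mapped outside the Intranet zone (1)."
} else {
    Write-Output "$AdfsHost is mapped to the Intranet zone."
}
```

Entries with `Review` set to `True` are worth narrowing to the exact HTTPS host, since every site in the Intranet zone is eligible for automatic logon with the user's Windows credentials.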