问题描述
尝试弄清楚如何将SSO部署到Web应用程序中以用于以下方案。
Trying to figure out how to deploy SSO into a web application for the following scenario.
域A(contoso.local):通过adconnect和杠杆作用将身份同步到Azure各种应用程序的传递身份验证。
Domain A (contoso.local): Syncing identities to Azure via adconnect and leveraging pass-through authentication for various applications.
域B(contoso.dom):托管我希望域A中的用户能够进入SSO的Web应用程序。 Web应用程序使用azure app proxy发布。
Domain B (contoso.dom): Hosts web application that I want users from domain A to be able to SSO into. The web application is published using azure app proxy.
- 用户在两个域中都有身份(即[email protected]& [email protected])
-Users have identities in both domains (ie [email protected] & [email protected])
-Web应用程序支持IWA
-Web Application supports IWA
专门寻找有关身份部分的指导。 IE如何将这两个身份绑定到唯一的AzureAD实例?这对域A中的PSA有什么影响?是否需要域名信任?
Looking for guidance around the identity portion specifically. IE How to tie in both identities into the sole AzureAD instance? What impact if any will this have on PSA in Domain A? Is a Domain Trust required at all?
推荐答案
域A(contoso.local):通过adconnect将身份同步到Azure,并利用各种应用程序的传递身份验证。
Domain A (contoso.local): Syncing identities to Azure via adconnect and leveraging pass-through authentication for various applications.
域B(contoso.dom):托管我希望域A中的用户能够进入SSO的Web应用程序。 Web应用程序使用azure app proxy发布。
Domain B (contoso.dom): Hosts web application that I want users from domain A to be able to SSO into. The web application is published using azure app proxy.
- 用户在两个域中都有身份(即[email protected]& [email protected])
-Users have identities in both domains (ie [email protected] & [email protected])
-Web应用程序支持IWA
-Web Application supports IWA
专门寻找有关身份部分的指导。 IE如何将这两个身份绑定到唯一的AzureAD实例?这对域A中的PSA有什么影响?是否需要域名信任?
Looking for guidance around the identity portion specifically. IE How to tie in both identities into the sole AzureAD instance? What impact if any will this have on PSA in Domain A? Is a Domain Trust required at all?
这篇关于AD Connect Multiple Forest SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!