For quite some time (Beginning of 2017) it is now possible to solve SSO scenarios with Azure even without ADFS infrastructure. However, it is only recently that companies has started to not insist on ADFS. Now one may finally also point out the alternative solutions of Microsoft.
The possible scenarios for Seamless SSO are:
- Pass-through authentication (PTA)
- Password Hash Sync (PHS)
Pass-through authentication (PTA)
Disadvantages
- No automatic detection of leaked login data
- Azure AD DS requires enabled Password Hash Synchronization feature in tenant to work
- Is not part of Azure AD Connect Health
Password Hash Sync (PHS)
“Disadvantage“
- Password is synchronized to the cloud (as hash value)