Microsoft has not currently made it easy to figure out how to configure Seamless Single Sign-On when using AAD Connect Cloud Provisioning. Here is how!
So, now you have your users in Azure AD, and Seamless SSO is listed as a supported feature for Azure AD Connect Cloud Provisioning, but where do you configure it?
Well, right now Microsoft has not made this easy. First, add https://autologon.microsoftazuread-sso.com as a local intranet site through a GPO or by other means.
Second, you need to use PowerShell, and you need multiple files from a regular Azure AD Connect installation. These files can be found HERE – but if you don’t trust my zip file, you can install Azure AD Connect yourself and extract it (no need to run the whole wizard). The files you need are as follows, and can be found in ‘%programfiles%\Microsoft Azure Active Directory Connect’:
Save the zip file in c:\temp, extract it and run the following PowerShell cmdlets (one by one for simpler troubleshooting). The cmdlets are documented in more detail here.
```powershell
# Remove the "downloaded from the internet" mark so PowerShell will load the files
Unblock-File c:\temp\AzureADSSO.psd1
Unblock-File c:\temp\Microsoft.IdentityModel.Clients.ActiveDirectory.dll
Unblock-File c:\temp\Microsoft.KerberosAuth.KerberosAuthInterface.dll
Unblock-File c:\temp\Microsoft.KerberosAuth.PowerShell.dll

# The AzureAD module is required by the Seamless SSO module
Install-Module AzureAD

# Full path, so the import works regardless of the current directory
Import-Module c:\temp\AzureADSSO.psd1

New-AzureADSSOAuthenticationContext # Use your global administrator
Enable-AzureADSSOForest # Use your domain admin credentials when prompted
Enable-AzureADSSO -Enable $true
```
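These files come from a downloaded zip and are then loaded into a session that handles global administrator and domain admin credentials, so check them before running the Unblock-File lines above. The following is an added example, not part of the original post or of Microsoft's documentation; it assumes the four files sit in c:\temp as above and that genuine copies carry a valid Authenticode signature whose subject contains O=Microsoft Corporation.

```powershell
# Added example: verify signatures before removing the Mark-of-the-Web.
# File paths are the ones used in this post; the signer match is an assumption.
$files = @(
    'c:\temp\AzureADSSO.psd1',
    'c:\temp\Microsoft.IdentityModel.Clients.ActiveDirectory.dll',
    'c:\temp\Microsoft.KerberosAuth.KerberosAuthInterface.dll',
    'c:\temp\Microsoft.KerberosAuth.PowerShell.dll'
)

$results = foreach ($file in $files) {
    if (-not (Test-Path -LiteralPath $file)) {
        [pscustomobject]@{ File = $file; Status = 'Missing'; Signer = $null; SHA256 = $null; Trusted = $false }
        continue
    }
    $sig    = Get-AuthenticodeSignature -LiteralPath $file
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{
        File    = $file
        Status  = $sig.Status
        Signer  = $signer
        SHA256  = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        # 'Valid' means the file hash matches and the chain ends in a trusted root
        Trusted = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
    }
}

$results | Format-List File, Status, Signer, SHA256

$untrusted = @($results | Where-Object { -not $_.Trusted })
if ($untrusted.Count -gt 0) {
    # Leave everything blocked; an unsigned or tampered file should not be loaded
    Write-Warning "Not unblocking: $($untrusted.Count) file(s) lack a valid Microsoft signature."
    Write-Warning "Compare the SHA256 values with the same files from an Azure AD Connect install you extracted yourself."
} else {
    $files | ForEach-Object { Unblock-File -LiteralPath $_ }
}
```

If any file is reported as untrusted, take that file from your own Azure AD Connect installation instead of the zip.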
Again: Remember to add https://autologon.microsoftazuread-sso.com as a local intranet site through a GPO or by other means.
Good luck! 🙂