Seamless Single Sign-on (SSSO) is a feature of Azure AD Connect which can be used in conjunction with password hash synchronization (PHS) or pass-through authentication (PTA). Each of these alone provides “same sign-on”, but with SSO in use as well, users will often experience true single sign on.
SSSO configures Azure AD as a Kerberos service – so any user who has a valid Active Directory sign-in (and therefore valid Kerberos tokens) will get true single sign-on to Azure AD. This depends on various configurations (particularly those allowing the passing of Kerberos tokens to Web targets), and SSSO is always opportunistic – so if it doesn’t work, one of the options discussed above will be used to authenticate the user.
Find out more about seamless single sign-on on our Azure AD Connect Masterclass.