What is seamless single sign-on?

Seamless Single Sign-on (SSSO) is a feature of Microsoft Entra Connect that can be used in conjunction with password hash synchronization (PHS) or pass-through authentication (PTA). Each of these alone provides “same sign-on”, but with SSO in use as well, users will often experience true single sign on.

SSSO configures Microsoft Entra ID as a Kerberos service – so any user who has a valid Active Directory sign-in (and therefore valid Kerberos tokens) will get true single sign-on to Microsoft Entra ID. This depends on various configurations (particularly those allowing the passing of Kerberos tokens to Web targets), and SSSO is always opportunistic – so if it doesn’t work, one of the other sign-on options (PHS or PTA) will be used to authenticate the user.

Want to learn more about seamless single sign-on? Join our Microsoft Entra Connect Masterclass.

Our five-star rated live, instructor-led 3-day Microsoft Entra Connect Masterclass is for architects and administrators responsible for connecting their on-premises Active Directory with a Microsoft Entra ID tenant.