With password hash synchronization, hashes of user passwords are synchronized from on-premises Active Directory to Azure AD. When passwords are changed or reset on-premises, the new password hashes are synchronized to Azure AD immediately so that your users can always use the same password for cloud resources and on-premises resources. The passwords are never sent to Azure AD or stored in Azure AD in clear text. You can use password hash synchronization together with password write-back to enable self-service password reset in Azure AD. In addition, you can enable Seamless SSO for users on domain-joined machines that are on the corporate network. With single sign-on, enabled users only need to enter a username to help them securely access cloud resources. For more information, see the password hash synchronization article.

With pass-through authentication, the user’s password is validated against the on-premises Active Directory controller. The password doesn't need to be present in Azure AD in any form. This allows for on-premises policies, such as sign-in hour restrictions, to be evaluated during authentication to cloud services. Pass-through authentication uses a simple agent on a Windows Server 2012 R2 domain-joined machine in the on-premises environment. This agent listens for password validation requests.