That's not technically SSO, but it can be configured how you want it. It's actually the default behavior when you dont have Azure AD Connect installed, and can also be achieved with the corresponding settings disabled.
The user will have to maintain two sets of credentials, one for on-premises and one for Azure AD.
AD Connect Configuration Questions
Understadning SSO without syncing password.
We have a on permise AD and an Azure AD.
On-Premise AD
Username: John.Doe@keyman .com
Password: password01
on Azure AD
Username: John.Doe@keyman .com
Password: password02
We setup DirSync with SSO Disabled & Password Sync Disabled and completed syncing of this user to Azure AD from On-Premise AD. In Azure AD under "All USers" the user shows as "Directory Synced"
We have an application on Azure that works on SSO.
The question is, with SSO Disabled & Password Sync Disabled from on-premise AD to Azure AD, the user must be able to login using
Username: John.Doe@keyman .com
Password: password02
Can this user sign on using his Azure AD credentials with the above configuration?
- is it possible to sync users from on-premise AD to Azure AD without Password Sync and the users can logon to Azure Apps using their Azure AD credentials.
- What happens if we change the Password of the user on the Azure AD with password sync disabled?
2 answers
Sort by: Most helpful
-
Vasil Michev 104K Reputation points MVP
2020-11-18T08:27:40.867+00:00 -
Sunith Philip 1 Reputation point
2020-11-18T10:55:56.183+00:00 In case we need to change this setup to password sync for a selected 20 users out of 150 what is the best way forward in modifying the sync configuration.
What if we need to change the existing configuration and enable passowrd sync and sso for a OU or Universal Group?
Also, we need to setup such that if a password change happens on on-premise AD or Azure AD or M365 it must sync everywhere
Which wud be the apt password sync for this?