This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I have an Azure Active Directory Tenant, on which the domain is federated through SAML 2.0. I would like to use this directory to manage windows 10 computers, but when I link the domain to the computer, i cannot login into the computer as it asks for a password which there isn't since the user is logged in through saml.
Is it possible to login into windows using the SAML 2.0 federated domain ?
It seems that i've not been correctly explaining.
I have successfully joined the computer to the AAD tenant and while using SAML 2.0, but when i want to log in into windows, it asks for username/password, which obviously cannot work as the account uses the SAML 2.0 serveur to authenticate. I have successfully federated the domain, this is not the issue, the issue is that, after joining the computer to the tenant, i cannot login using aad's accounts, the only account that works is the local computer administrator.
I'm not sure if i've been clear, so i'll clear it up, here Azure Active Directory is a Service Provider, the SAML Identity Provider is a standalone, custom SAML 2.0 php implementation. Therefore when logging in, AAD redirects the user (through HTTP) to the IDP for identification.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@GribouilleVert As I mentioned in my first answer, Windows 10 login needs WS-Trust: to be enabled on the ADFS. Since you are not using ADFS here, so you will check that this endpoint is enabled or not on your standalone SAML provider.
Your SAML provider needs to have WS Trust open and listening. Check more here :
https://video2.skills-academy.com/en-us/azure/active-directory/devices/azureadjoin-plan#federated-environment
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 96%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
For anyone finding this old thread via a search, Microsoft has enabled this feature now, but ONLY for Education editions for Windows. See https://video2.skills-academy.com/en-us/education/windows/federated-sign-in?tabs=intune for additional details.