Enable SSO in AADDS
Seems kinda crazy that it doesn't support SSO out of the box, also that it hasn't been logged against Domain Services as of yet but would be great to see this added (from what I can see).
Essentially you can set up AADDS, join a machine to said domain and log in with an Azure AD account and that's great. But you then need to log in to office.com, Office Apps (Word, Outlook), OneDrive, etc. all independently.
However, with a machine that's joined to an On Prem AD with some intranet settings added to the client & Azure AD Connect you don't have this issue.
We have a Citrix environment and the machines are AADDS joined. We also would like to set up SSO/seamless login for end users. Now there is no ability to get this done. Please make this feature available for AADDS joined machines too.
Please advise, there is no legacy domain, only AADDS. Users log in to Citrix using their Azure credentials.
Michal Minarik commented
Hello guys, any chance this gets a review?
@Mike S - You state AD DS is a solution for a VDI deployment and clearly it is not. Unless you stipulate the VDI users shouldn't really use Microsoft services (O365, OneDrive).
On top of it, all the documentation is so bad the limitations are not even being mentioned anywhere.
Please either fix the documentation not to promise things that are not there or make the product work as stipulated? Pretty please :)
Mike Stephens commented
Azure AD Domain Services provides legacy authentication to on-premises applications to enable you to lift and shift the applications to Azure. It is not intended to replace on-premises AD DS-- that is what Azure AD does. With Azure AD Domain Services and Azure App Proxy-- you can achieve SSO-like experiences for web applications and move application infrastructure to Azure Compute and reduce your on-premises server footprint and management. Joining workstations to Azure AD Domain Services is not the designed solution, unless it's a VDI solution.
Senior Program Manager
IAM Core | Domain Services