Configure Pass-through Authentication


The Pass-through Authentication

This authentication method allows you to use the same password for on-premises and cloud-based applications. Note that user authentication is performed by the on-premises Active Directory and not by Azure Active Directory. It’s a good alternative to Azure AD Password Hash Synchronization, and it makes it easier to apply a security policy to passwords.

Benefits of the solution

This solution offers the following benefits:

  • The same password for cloud-based applications and on-premises applications
  • When a user changes their password, the change takes effect instantly for cloud-based applications
  • Easy to deploy: only one agent to install
  • Passwords are never stored in the cloud
  • Agents can be installed on multiple on-premises servers to provide high availability

Prerequisites

Pass-through Authentication has the following prerequisites:

  • Server with Windows Server 2012 R2 or later for Azure AD Connect (in production, it’s recommended to install the agent on three servers).
  • Authentication Agents must be able to make outbound requests to Azure AD: port 80 to download the certificate revocation lists used to validate the SSL certificate, port 443 for all outbound communication with the service, and port 8080 for the status that Authentication Agents report every ten minutes.
  • If you use DNS whitelisting on your proxy or firewall, you need to add these URLs: *.msappproxy.net and *.servicebus.windows.net.
  • On the on-premises servers where Authentication Agents are installed, allow these URLs in the Windows Firewall: login.windows.net and login.microsoftonline.com.
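A preflight check for the network prerequisites above, written for this article as an added example (it is not part of Azure AD Connect or of the original post). The function name `Test-PtaOutbound` and its `-ExtraEndpoints` parameter are hypothetical; the two sign-in hosts and the port numbers are the ones listed above, and any host under the wildcard domains or for ports 80 and 8080 is one you supply yourself.

```powershell
# Added example: outbound preflight for a server that will host an Authentication Agent.
# Run it on that server before installing. Test-NetConnection opens a direct TCP
# connection, so a server that reaches the Internet only through an HTTP proxy will
# show TcpReachable = False here even if the proxy allows the traffic.
function Test-PtaOutbound {
    [CmdletBinding()]
    param(
        # Assumption: concrete host names under *.msappproxy.net or
        # *.servicebus.windows.net, or hosts to probe on ports 80 and 8080.
        # The article names none, so they are supplied by the operator.
        [hashtable[]]$ExtraEndpoints = @()
    )

    # Hosts named in the prerequisites, probed on the port used for service traffic.
    $endpoints = @(
        @{ Host = 'login.windows.net';         Port = 443; Purpose = 'sign-in endpoint' }
        @{ Host = 'login.microsoftonline.com'; Port = 443; Purpose = 'sign-in endpoint' }
    ) + $ExtraEndpoints

    foreach ($e in $endpoints) {
        # Step 1: DNS. A failure here points at DNS filtering, not at the firewall.
        $resolved = $false
        try {
            Resolve-DnsName -Name $e.Host -ErrorAction Stop | Out-Null
            $resolved = $true
        } catch { }

        # Step 2: TCP handshake on the required port, only if the name resolved.
        $tcp = $false
        if ($resolved) {
            $probe = Test-NetConnection -ComputerName $e.Host -Port $e.Port -WarningAction SilentlyContinue
            $tcp = [bool]$probe.TcpTestSucceeded
        }

        [pscustomobject]@{
            Host         = $e.Host
            Port         = $e.Port
            Purpose      = $e.Purpose
            DnsResolved  = $resolved
            TcpReachable = $tcp
        }
    }
}

# Probe the named hosts and list anything that is blocked.
$results = Test-PtaOutbound
$results | Format-Table -AutoSize
$blocked = @($results | Where-Object { -not $_.TcpReachable })
if ($blocked.Count -gt 0) { Write-Warning "$($blocked.Count) endpoint(s) unreachable" }
```

To cover the other prerequisites, pass your own entries, for example `-ExtraEndpoints @(@{ Host = $myHost; Port = 8080; Purpose = 'agent status' })`, where `$myHost` is a host name you have confirmed for your tenant.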

Install and configure Pass-through Authentication

On your server, download Azure AD Connect using the following link: Azure AD Connect Download.

Download Azure AD Connect

After downloading, run the .exe file. Check the box "I agree to the license terms and privacy notice" and click Continue.

Wizard Azure AD Connect for Configure Pass-through Authentication

In the Express Settings window, click Customize.

Customize option Azure AD Connect

In the Install required components window, click Install (in this window you can also select a SQL Server or change the installation location). The installation begins.

Installation of Azure AD Connect

In the User sign-in window, select Pass-through Authentication and click Next.

Select option Azure AD Connect

Enter your Azure AD and on-premises Active Directory credentials.

Enter AD credentials for Pass-through Authentication
Enter Azure AD credentials to configure Pass-through Authentication

Select "Continue without matching all UPN suffixes to verified domains" and click Next (the internal UPN suffixes are not present in Azure AD).

Confirm UPN suffixes

The filtering will be done by a security group, leave the default choice in the Domain and OU filtering window and click on Next.

Choose OU domain for Configure Pass-through Authentication

Enter the name of your group and click Resolve. This group lets you choose which groups or users are synchronized to your Azure AD database.

Filtering the synchronization and choose groups Pass-through Authentication

In the Optional features window, leave the default choices and click Next, then click Install to launch the configuration of Azure AD Connect.

Choose features that you need install Pass-through Authentication

In your Azure portal, select Azure Active Directory, then Azure AD Connect. One agent has been installed for Pass-through Authentication. If you click the link, you can download the agent to install it on two other on-premises servers.

Azure portal: Pass-through Authentication
Download Agent
