If you’re planning on making the switch from federated to cloud authentication, you have probably heard of Staged Rollout, a new feature from Microsoft that allows you to pilot the migrated experience without migrating your entire domain. While the feature works as advertised, Microsoft’s setup instructions are missing a key step to get Seamless Single Sign-on (SSO) up and running.
After following Microsoft’s documentation, you will find that while users are moved to cloud authentication, Seamless SSO will not function. This is due to a missing command that is normally run automatically during the configuration of Azure AD Connect, with no manual intervention required. Since you won’t be making any changes to the sign-in method within Azure AD Connect when configuring Staged Rollout, the command does not run.
The instructions below will guide you through completing the setup.
- Follow steps 1 through 7 of the previously linked Microsoft setup instructions. Steps 5 to 7 are not required if you completed these during your initial configuration.
- Run the command Enable-AzureADSSO -Enable $true to enable SSO on your tenant. Note that this will not impact federated users.
- Continue following Microsoft’s setup instructions unless subsequent steps were completed during your initial configuration.
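
The steps above as one PowerShell session, with a status check before and after so you can confirm the tenant-level switch actually flipped. This is an added example, not part of the original post or Microsoft's documentation. Assumptions: the default Azure AD Connect install path, the placeholder forest name corp.example.com, and the Enable and Domains fields in the JSON returned by Get-AzureADSSOStatus.

```powershell
# Run in an elevated PowerShell session on the Azure AD Connect server.
# Assumption: Azure AD Connect is installed in its default location.
$modulePath = Join-Path $env:ProgramFiles 'Microsoft Azure Active Directory Connect\AzureADSSO.psd1'
Import-Module $modulePath -ErrorAction Stop

# Prompts for a tenant administrator sign-in.
New-AzureADSSOAuthenticationContext

function Get-SsoStatus {
    # Get-AzureADSSOStatus returns a JSON string; convert it to an object.
    # Assumption: the object exposes 'Enable' (tenant switch) and 'Domains' (enabled forests).
    Get-AzureADSSOStatus | ConvertFrom-Json
}

$before = Get-SsoStatus
"Before: Enable=$($before.Enable) Domains=$($before.Domains -join ', ')"

# Forest-level setup (Microsoft's steps 5 to 7). Skipped when the forest is already listed.
$forest = 'corp.example.com'   # placeholder: replace with your on-premises forest
if ($before.Domains -notcontains $forest) {
    $creds = Get-Credential -Message "Domain administrator for $forest"
    Enable-AzureADSSOForest -OnPremCredentials $creds
}

# The step missing from the Staged Rollout instructions: the tenant-level switch.
if (-not $before.Enable) {
    Enable-AzureADSSO -Enable $true
}

# Verify: fail loudly if the tenant switch is still off or the forest is missing.
$after = Get-SsoStatus
"After:  Enable=$($after.Enable) Domains=$($after.Domains -join ', ')"
if (-not $after.Enable) {
    throw 'Seamless SSO is still disabled at the tenant level.'
}
if ($after.Domains -notcontains $forest) {
    throw "Forest $forest is not listed as enabled for Seamless SSO."
}
```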