| title | description | ms.localizationpriority | author | ms.subservice | doc_type |
|---|---|---|---|---|---|
kerberosSignOnSettings resource type |
Represents the kerberos settings for an on-premises application published via Application Proxy. |
medium |
dhruvinrshah |
entra-applications |
resourcePageType |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Represents the Keberos Constrained Delegation (KCD) settings for the onPremisesPublishingSingleSignOn resource when publishing an on-premises application via Microsoft Entra application proxy. Application Proxy uses Kerberos Constrained Delegation (KCD) to support single-sign on to Integrated Windows Authentication applications. For more information, see Kerberos Constrained Delegation for single-sign on to your apps with Application Proxy.
Note
Do not use this property for configuring SAML or password-based single-sign on. If you are configuring SAML single-sign-on this must be set on the servicePrincipal. If you are configuring password-based single-sign this must be set using createPasswordSingleSignOnCredentials.
| Property | Type | Description |
|---|---|---|
| kerberosServicePrincipalName | String | The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials. |
| kerberosSignOnMappingAttributeType | kerberosSignOnMappingAttributeType | The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . Possible values are: userPrincipalName, onPremisesUserPrincipalName, userPrincipalUsername, onPremisesUserPrincipalUsername, onPremisesSAMAccountName. |
The following is a JSON representation of the resource.
{
"kerberosServicePrincipalName": "String",
"kerberosSignOnMappingAttributeType": "String"
}