Skip to content

Latest commit

 

History

History
57 lines (44 loc) · 2.73 KB

kerberossignonsettings.md

File metadata and controls

57 lines (44 loc) · 2.73 KB
title description ms.localizationpriority author ms.subservice doc_type
kerberosSignOnSettings resource type
Represents the kerberos settings for an on-premises application published via Application Proxy.
medium
dhruvinrshah
entra-applications
resourcePageType

kerberosSignOnSettings resource type

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Represents the Keberos Constrained Delegation (KCD) settings for the onPremisesPublishingSingleSignOn resource when publishing an on-premises application via Microsoft Entra application proxy. Application Proxy uses Kerberos Constrained Delegation (KCD) to support single-sign on to Integrated Windows Authentication applications. For more information, see Kerberos Constrained Delegation for single-sign on to your apps with Application Proxy.

Note

Do not use this property for configuring SAML or password-based single-sign on. If you are configuring SAML single-sign-on this must be set on the servicePrincipal. If you are configuring password-based single-sign this must be set using createPasswordSingleSignOnCredentials.

Properties

Property Type Description
kerberosServicePrincipalName String The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials.
kerberosSignOnMappingAttributeType kerberosSignOnMappingAttributeType The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . Possible values are: userPrincipalName, onPremisesUserPrincipalName, userPrincipalUsername, onPremisesUserPrincipalUsername, onPremisesSAMAccountName.

JSON representation

The following is a JSON representation of the resource.

{
  "kerberosServicePrincipalName": "String",
  "kerberosSignOnMappingAttributeType": "String"
}