kerberossignonsettings.md

title	description	ms.localizationpriority	author	ms.subservice	doc_type
kerberosSignOnSettings resource type	Represents the kerberos settings for an on-premises application published via Application Proxy.	medium	dhruvinrshah	entra-applications	resourcePageType

kerberosSignOnSettings resource type

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Represents the Keberos Constrained Delegation (KCD) settings for the onPremisesPublishingSingleSignOn resource when publishing an on-premises application via Microsoft Entra application proxy. Application Proxy uses Kerberos Constrained Delegation (KCD) to support single-sign on to Integrated Windows Authentication applications. For more information, see Kerberos Constrained Delegation for single-sign on to your apps with Application Proxy.

Note

Do not use this property for configuring SAML or password-based single-sign on. If you are configuring SAML single-sign-on this must be set on the servicePrincipal. If you are configuring password-based single-sign this must be set using createPasswordSingleSignOnCredentials.

Properties

Property	Type	Description
kerberosServicePrincipalName	String	The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials.
kerberosSignOnMappingAttributeType	kerberosSignOnMappingAttributeType	The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . Possible values are: userPrincipalName, onPremisesUserPrincipalName, userPrincipalUsername, onPremisesUserPrincipalUsername, onPremisesSAMAccountName.

JSON representation

The following is a JSON representation of the resource.

{
  "kerberosServicePrincipalName": "String",
  "kerberosSignOnMappingAttributeType": "String"
}