Windows devices that are joined to an AD domain get the benefit of SSO, also known as Windows Integrated Authentication (WIA), through the Kerberos protocol. This is done by exchanging the domain Kerberos token that the device retrieved during the initial logon for a Kerberos token that can be used for the application or service being accessed. This eliminates the need to enter a username and password in a credential prompt.

Explaining Windows logon with an Azure Active Directory (AAD) Tenant:

When a user logs into a Windows device joined to an Azure Active Directory Domain for the first time, the device must contact AAD's EVO Security Token Service (ESTS) to obtain a token to access the computer. The computer reaches out to the ESTS's OAuth 2.0 token endpoint to obtain what is known as a Primary Refresh Token (PRT).
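
A defender's check for which of the two sign-on paths described above a device is on, as an added example that is not part of the original post: it parses the `Key : Value` output of the Windows `dsregcmd /status` command. The sample outputs are constructed and the function names are hypothetical.

```python
# Added example. Samples are constructed in the "Key : Value" layout of
# `dsregcmd /status`; the function names are hypothetical.
def sample(aad, ad, prt):
    """Build a constructed status report for the given YES/NO flags."""
    prt_time = "      AzureAdPrtUpdateTime : 2024-01-10 08:15:26.000 UTC\n"
    return (
        "+----------------------------------+\n"
        "| Device State                     |\n"
        "+----------------------------------+\n"
        f"             AzureAdJoined : {aad}\n"
        f"              DomainJoined : {ad}\n"
        "+----------------------------------+\n"
        "| SSO State                        |\n"
        "+----------------------------------+\n"
        f"                AzureAdPrt : {prt}\n"
        + (prt_time if prt == "YES" else "")
    )

def parse_status(text):
    """Return {key: value}, splitting on the first colon only so that
    timestamp values keep their own colons."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key and not key.startswith(("|", "+")):
            fields[key] = value.strip()
    return fields

def sso_paths(fields):
    """Map join state to the SSO mechanisms available, plus findings."""
    def yes(name):
        return fields.get(name, "NO").upper() == "YES"
    aad, ad, prt = yes("AzureAdJoined"), yes("DomainJoined"), yes("AzureAdPrt")
    paths, findings = [], []
    if ad:
        paths.append("kerberos-wia")   # AD join: Kerberos ticket exchange
    if aad and prt:
        paths.append("prt")            # AAD join: PRT obtained from ESTS
    if aad and not prt:
        findings.append("AAD-joined but no PRT for the signed-in user")
    if not paths:
        findings.append("no SSO path available: expect credential prompts")
    return paths, findings

if __name__ == "__main__":
    for flags in (("YES", "NO", "YES"), ("NO", "YES", "NO"), ("YES", "NO", "NO")):
        print(flags, sso_paths(parse_status(sample(*flags))))
```

On a real device, pass the captured text of `dsregcmd /status` to `parse_status` in place of the constructed sample.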