I have an on-premises application that makes use of the Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL) library to connect to Azure AD. I am using the latest version, 5.1.0.
Azure AD is synched with on premises AD using Azure AD Connect.
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var userCredential = new UserCredential();
var result = await context.AcquireTokenAsync(resource, _clientId, userCredential);When I execute the command line application as the logged on user, an AD account that is synched with Azure AD (searchable, findable, etc. in Azure AD), even overriding the UserCredential() to ensure the upn (user principal
name) matches the user id in Azure AD, I always get the same message:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: 'Integrated Windows Auth is not supported for managed users. See https://aka.ms/adal-iwa for details.'
If I back out to an older version of ADAL (3.19.8), I get the error "Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: 'password_required_for_managed_user: Password is required for managed user'.
What are the prerequisites for Active Directory Integrated Authentication to Azure AD? Maybe some of the User-Sign in options, e.g. Federation, Seamless single sign-on, Pass through authentication need to be enabled?