With "Microsoft" Identity Provider do we really need federated Active Directory with Kerberos anymore?

hesteban · November 15, 2021, 8:00pm

I’m at an ISV selling on-prem software bundling with KeyCloak to fairly mature IT shops running Active Directory for thousands of employees.

It seems like the “Microsoft” identity provider gives a much better employee user experience, with way less hassle, than federation with AD and setting up Kerberos for auto-login from the windows desktop/browser. Am I missing something? Does anyone have a sense of the proportion of larger shops that have AD and are sophisticated enough to support Kerberos for apps but not “Microsoft” authentication?

weltonrodrigo · November 22, 2021, 10:04pm

Kerberos had been the only option for years and still is for some old windows setups. This is why it’s still present in keycloak.

Topic		Replies	Views
What is the best way to federate users from Azure AD to Keycloak? Getting advice user-federation	10	6730	March 7, 2023
LDAP AD integration + kerberos	3	2812	October 28, 2023
LDAP as an identity provider	0	293	April 11, 2023
Kerberos authentication and user provisioning	5	1823	November 19, 2022
Azure AD with local groups Getting advice authentication , identity-brokering	0	276	November 30, 2022

With "Microsoft" Identity Provider do we really need federated Active Directory with Kerberos anymore?

Related Topics