What is Azure AD Connect Pass-through Authentication (PTA)?

Azure AD Connect Pass-through Authentication (PTA) is a feature of Azure AD Connect that allows users to sign in to Azure AD-connected applications using their on-premises password, without requiring the synchronization of passwords to the cloud. With PTA, authentication requests are forwarded directly to on-premises Domain Controllers, providing a more secure authentication method while reducing the infrastructure required to support password synchronization.

When a user attempts to sign in to an Azure AD-connected application, the authentication request is forwarded to the PTA agent installed on an on-premises server. The PTA agent then validates the user’s credentials against the on-premises Active Directory and, if validation succeeds, issues a token for the user’s session; the application uses that token to authorize the user’s access.

PTA works in conjunction with Azure AD Connect to synchronize user and group information to Azure AD, allowing administrators to manage access to cloud resources using on-premises Active Directory.
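The following is an added, constructed model of the flow described above; it is not Microsoft's code or part of the original article. It assumes a stand-in directory backed by PBKDF2 hashes in place of the domain controller, an in-memory request queue standing in for the agent's outbound polling, a simple failed-attempt counter standing in for lockout, and token issuance on the service side once the agent reports success. Transport protection of the password between the cloud side and the agent is deliberately left out of the model. The point it makes concrete is the separation the article describes: the cloud side holds no user passwords, only the queue and a token-signing key, while the agent returns a result code and never the credential.

```python
"""Constructed model of Pass-through Authentication (PTA): the cloud side holds
no user passwords, the on-premises agent validates against a stand-in
directory and reports only a result code, and a token is minted on success."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for the domain controller's credential store (constructed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class StandInDirectory:
    """Constructed stand-in for on-premises Active Directory; stays on-premises."""

    def __init__(self, users: Dict[str, str], lockout_threshold: int = 3):
        self._creds: Dict[str, Tuple[bytes, bytes]] = {}
        for upn, password in users.items():
            salt = secrets.token_bytes(16)
            self._creds[upn] = (salt, _derive(password, salt))
        self._failures: Dict[str, int] = {}
        self.lockout_threshold = lockout_threshold

    def logon(self, upn: str, password: str) -> str:
        """Return a result code only; the credential never leaves this class."""
        if upn not in self._creds:
            return "UserNotFound"
        if self._failures.get(upn, 0) >= self.lockout_threshold:
            return "AccountLocked"  # simple counter standing in for lockout
        salt, stored = self._creds[upn]
        if hmac.compare_digest(_derive(password, salt), stored):
            self._failures[upn] = 0
            return "Success"
        self._failures[upn] = self._failures.get(upn, 0) + 1
        return "InvalidPassword"


class PtaAgent:
    """On-premises agent: takes a queued request, validates locally, reports back."""

    def __init__(self, directory: StandInDirectory):
        self.directory = directory

    def handle(self, request: dict) -> dict:
        result = self.directory.logon(request["upn"], request["password"])
        return {"request_id": request["request_id"], "result": result}


class CloudAuthService:
    """Cloud side: a request queue and a signing key, but no password store."""

    def __init__(self, signing_key: bytes):
        self._signing_key = signing_key
        self.queue: list = []
        self.results: Dict[str, str] = {}

    def submit(self, upn: str, password: str) -> str:
        # Transport protection of the password toward the agent is omitted here.
        request_id = secrets.token_hex(8)
        self.queue.append({"request_id": request_id, "upn": upn, "password": password})
        return request_id

    def accept_result(self, reply: dict) -> None:
        self.results[reply["request_id"]] = reply["result"]

    def issue_token(self, request_id: str, upn: str) -> Optional[str]:
        """Mint an HMAC-signed session token only for a request the agent accepted."""
        if self.results.get(request_id) != "Success":
            return None
        payload = json.dumps({"sub": upn, "iat": int(time.time())}, sort_keys=True).encode()
        sig = hmac.new(self._signing_key, payload, "sha256").hexdigest()
        return payload.hex() + "." + sig

    def verify_token(self, token: str) -> Optional[dict]:
        """Check the signature and return the claims, or None if tampered."""
        payload_hex, _, sig = token.partition(".")
        payload = bytes.fromhex(payload_hex)
        expected = hmac.new(self._signing_key, payload, "sha256").hexdigest()
        return json.loads(payload) if hmac.compare_digest(sig, expected) else None


def authenticate(cloud: CloudAuthService, agent: PtaAgent, upn: str, password: str):
    """One round trip: submit, agent picks up and validates, token issued on success."""
    request_id = cloud.submit(upn, password)
    request = cloud.queue.pop(0)  # the agent's outbound poll, modelled as a pop
    cloud.accept_result(agent.handle(request))
    return cloud.results[request_id], cloud.issue_token(request_id, upn)


if __name__ == "__main__":
    directory = StandInDirectory({"alice@contoso.example": "Winter2024!"})  # constructed
    cloud, agent = CloudAuthService(b"constructed-signing-key"), PtaAgent(directory)
    result, token = authenticate(cloud, agent, "alice@contoso.example", "Winter2024!")
    print(result, cloud.verify_token(token))
```

Running the round trip with a wrong password enough times flips the result to `AccountLocked` even when the correct password is then supplied, which is the behaviour a defender should expect to see surface as failed sign-ins on the on-premises side rather than in the cloud, since that is where validation happens.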

Author: tonyhughes