Single sign-on to Azure AD when using FAS

Citrix Federated Authentication Service (FAS) provides single sign-on (SSO) to domain-joined Virtual Delivery Agents (VDAs). FAS achieves SSO by supplying the VDA with a user certificate, which the VDA uses to authenticate the user to Active Directory (AD). Once you sign on to the VDA session, you can access AD resources without reauthentication.

It’s common to implement Azure Active Directory (AAD) with synchronization between your AD and AAD, which creates hybrid identities for both users and computers. FAS can then achieve SSO to AD, however until now it has not been clear how to achieve SSO to AAD within the session. This change will explain the detail of how to configure AAD and FAS to achieve SSO to AAD.

The released article can be found here: https://docs.citrix.com/en-us/federated-authentication-service//current-release/config-manage/aad-sso.html