| title | kerberosSignOnSettings resource type |
|---|---|
| description | Represents the kerberos settings for an on-premises application published via Application Proxy. |
| ms.localizationpriority | medium |
| author | dhruvinrshah |
| ms.subservice | entra-applications |
| doc_type | resourcePageType |
| ms.date | 07/26/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Represents the Keberos Constrained Delegation (KCD) settings for the onPremisesPublishingSingleSignOn resource when publishing an on-premises application via Microsoft Entra application proxy. Application Proxy uses Kerberos Constrained Delegation (KCD) to support single-sign on to Integrated Windows Authentication applications. For more information, see Kerberos Constrained Delegation for single-sign on to your apps with Application Proxy.
Note
Do not use this property for configuring SAML or password-based single-sign on. If you are configuring SAML single-sign-on this must be set on the servicePrincipal. If you are configuring password-based single-sign this must be set using createPasswordSingleSignOnCredentials.
| Property | Type | Description |
|---|---|---|
| kerberosServicePrincipalName | String | The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials. |
| kerberosSignOnMappingAttributeType | kerberosSignOnMappingAttributeType | The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . The possible values are: userPrincipalName, onPremisesUserPrincipalName, userPrincipalUsername, onPremisesUserPrincipalUsername, onPremisesSAMAccountName. |
None.
The following JSON representation shows the resource type.
{
"kerberosServicePrincipalName": "String",
"kerberosSignOnMappingAttributeType": "String"
}