It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How to Authenticate On-Premise Active Directory with Microsoft Entra ID

  • Last updated on

If your organization has an on-premise Active Directory with Microsoft Entra ID (formerly Azure Active Directory) with Active Directory Federation Services (AD FS) enabled, users can sign in to both cloud and on-premise resources using Microsoft Entra Connect. For the Barracuda Archive Search for Outlook Add-In and Barracuda Stand-Alone Search Utility, you must use one of the following authentication methods:

  • Password hash synchronization (PHS) – PHS enables users to log in using the same username and password that they use on-premises without having to deploy any additional infrastructure besides Microsoft Entra Connect.
  • Pass-through authentication (PTA) – This option is similar to password hash sync, but provides a simple password validation using on-premises software agents for organizations with strong security and compliance policies.

For additional information, refer to the Microsoft article Microsoft Entra Connect user sign-in options.


Federated Domains

By default, Microsoft Entra ID federated domains do not allow direct authentication. Once a domain is federated, all login requests are fulfilled by the federated service and therefore Microsoft Entra ID logins fail. To resolve this issue, you can stop federating the login domains. Use Microsoft Entra Connect to disable federation on the domains and instead use either the PHS or PTA authentication method described above. 

If it is not feasible to stop federating the login domains, contact Barracuda Networks Technical Support for additional guidance.