QUESTION
Can my organization use Single Sign-On (SSO) via Entra ID (formerly Azure) in addition to the Entra ID Active Directory integration?
ANSWER Yes. We recommend configuring both integrations.
Single Sign-On via Entra ID and the Entra ID Active Directory integration both allow users to access Workplace using their Entra ID credentials, and will deny login attempts if their Active Directory account is disabled or deleted.
The Active Directory (AD) integration makes the AD users available for provisioning within Workplace and synchronizes the user's full name, email, and phone number. Additionally, groups and group membership are synchronized. Workplace policies allow for remote wipe of Workplace data synced to devices when an account is disabled or deleted in AD. When a device is wiped, it is also purged.
NOTE The SSO integration in required to support logins using Microsoft MFA (2FA). Both integrations must be enabled to properly support logins with Microsoft MFA).
Using SSO via AD Entra ID also allows a more consistent end user experience, as the login flow and UI is managed by the SSO IdP (Identify Provider).