I'm not understanding why your SSO was set up the way it was. I'm not finding the value and hopefully I just set something up wrong.

LDAP Only:
Step 1: Go to lf.domain.com
Step 2: Log in with Username and Password.
Done

SSO:
Step 1: Go to lf.domain.com.
Step 2: Click SSO
Step 3: Answer a popup asking if it's ok to transfer from lf.domain.com to adfs.domain.com. Why is this happening? No other ADFS/SSO solution I have does this. I've never even seen this popup before on anything.
Step 4: Answer a popup asking if it's ok to transfer from lf.domain.com to adfs.domain.com. Yes, this happens twice.
Step 5: On the ADFS landing page, which should not come up at all using IE in a Windows Domain (pass-through authentication), input a much longer email address and password.
Done

What I expect to happen with SSO:
Step 1: Go to lf.domain.com
Step 2: Click SSO
Done

I followed these instructions: https://man.liquidfiles.com/security/sso_saml2_W2012_server.html

Windows Server 2016 - ADFS 4.0

Hopefully someone can help me out. The ADFS landing page should only come up with third-party browsers.