Azure Active Directory Seamless Single Sign-On: How to & Quickstart


Requirements:

  • You use version 1.1.654.0 or later of Azure AD Connect (Check latest version here: https://www.microsoft.com/en-us/download/details.aspx?id=47594)
  • Recommendation: Allow outgoing connections to the internet on TCP port 443. This is the best practice for getting the connection up and running without the risk of issues caused by changing URLs. Otherwise: if your firewall or proxy allows DNS whitelisting, whitelist the connections to the *.msappproxy.net URLs over port 443. If not, allow access to the Azure datacenter IP ranges, which are updated weekly. This prerequisite applies only when you enable the feature; it is not required for actual user sign-ins.
  • You need to have domain administrator credentials for each Active Directory forest

Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods.

Restriction: this feature cannot be used with Active Directory Federation Services (ADFS).

See also my blog entry: Azure Active Directory Seamless Single Sign-On

And find more information in Microsoft docs:
