Federated Identity

Similar to Azure Active Directory pass-through authentication, federated identity validates the user's identity in the on-premises environment. Federated identity requires directory objects to be synchronized to Azure Active Directory.

Azure AD Connect lets us configure federated identity directly from its setup wizard for both Active Directory Federation Services (AD FS) and PingFederate, a third-party federated identity provider, as shown in the following screenshot:

When federation is configured for an environment, authentication attempts are redirected from the Azure AD login portal to a web server hosting the federated identity provider (IdP) service endpoint. Once redirected to the IdP endpoint, the user enters their credentials, if necessary, and the on-premises federation service authenticates the user against the on-premises directory.
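
Because sign-ins for a federated domain are handed to whatever endpoint the domain's federation settings name, it is worth checking those settings against the IdP hosts you actually run. The following is an added example, not code from the book: it audits objects shaped like the output of Microsoft Graph PowerShell's `Get-MgDomainFederationConfiguration` (`PassiveSignInUri`, `IssuerUri`). The `DomainId` property, the function name, and the `contoso.example` sample values are constructed for illustration.

```powershell
# Added example: audit which IdP endpoint each federated domain redirects to.
# Input objects mirror Get-MgDomainFederationConfiguration output; the
# DomainId property and all sample values below are constructed.
function Test-FederationEndpoint {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Config,
        [Parameter(Mandatory)] [string[]] $ExpectedIdpHosts
    )
    process {
        $findings = @()
        $uri = $null
        $ok = [Uri]::TryCreate($Config.PassiveSignInUri, [UriKind]::Absolute, [ref]$uri)
        if (-not $ok) {
            $findings += 'PassiveSignInUri is not an absolute URI'
        } else {
            # The redirect target must be TLS-protected and a host we operate.
            if ($uri.Scheme -ne 'https') { $findings += 'sign-in endpoint is not HTTPS' }
            if ($uri.Host -notin $ExpectedIdpHosts) {
                $findings += "unexpected IdP host '$($uri.Host)'"
            }
        }
        [pscustomobject]@{
            Domain   = $Config.DomainId
            SignInAt = $Config.PassiveSignInUri
            Issuer   = $Config.IssuerUri
            Status   = if ($findings.Count) { 'REVIEW' } else { 'OK' }
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample input. Against a live tenant, list federated domains with
#   Get-MgDomain | Where-Object AuthenticationType -eq 'Federated'
# and fetch each one's settings with
#   Get-MgDomainFederationConfiguration -DomainId <domain name>
$sample = @(
    [pscustomobject]@{ DomainId = 'contoso.example'
        PassiveSignInUri = 'https://sts.contoso.example/adfs/ls/'
        IssuerUri        = 'http://sts.contoso.example/adfs/services/trust' }
    [pscustomobject]@{ DomainId = 'legacy.contoso.example'
        PassiveSignInUri = 'http://sts-old.contoso.example/adfs/ls/'
        IssuerUri        = 'http://sts-old.contoso.example/adfs/services/trust' }
)
$sample | Test-FederationEndpoint -ExpectedIdpHosts 'sts.contoso.example' |
    Format-Table -AutoSize
```

With the sample data, the first domain reports `OK` and the second reports `REVIEW` for both the plain-HTTP endpoint and the unlisted host.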
