The 3rd-party IdP (not a Microsoft product) already exists and manages hundreds or thousands of users in multiple domains. That IdP must remain authoritative for those users. I don't want Azure AD (AAD) to get cluttered up by getting a copy of all the info for all of those users. I don't want there to be any chance that AAD has a copy and then somehow AAD's view of some user gets out-of-sync with the 3rd-party IdP's view. I just want AAD to ask (federate) the IdP for the info and authentication whenever an app needs to authenticate or authorize a user (that AAD doesn't know about -- AAD will know about some users for some apps). The app will not know about the 3rd-party IdP. Can it be done?
1 Answer
Yes, this is simply called Direct Federation: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/direct-federation

x0n
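As an added example (not part of the answer above), this is the Microsoft Graph PowerShell call that registers a SAML/WS-Fed direct-federation partner for one external domain, which is what the linked page sets up. The domain, endpoint URIs and signing certificate are placeholders; the module, scope and cmdlet names are from the Microsoft.Graph.Identity.SignIns module.

```powershell
# Added example: register a 3rd-party SAML/WS-Fed IdP as a direct-federation
# partner for one external domain. Every value below is a placeholder.
Import-Module Microsoft.Graph.Identity.SignIns

# Permission needed to manage identity providers (requires admin consent).
Connect-MgGraph -Scopes "IdentityProvider.ReadWrite.All"

# Token-signing certificate of the partner IdP, base64 DER without PEM headers.
# Assumed to have been taken from the partner's federation metadata.
$signingCert = "MIIC...PLACEHOLDER...=="

$federation = @{
    "@odata.type"                   = "microsoft.graph.samlOrWsFedExternalDomainFederation"
    displayName                     = "Partner IdP (placeholder)"
    issuerUri                       = "https://idp.partner.example/adfs/services/trust"
    metadataExchangeUri             = "https://idp.partner.example/adfs/services/trust/mex"
    passiveSignInUri                = "https://idp.partner.example/adfs/ls/"
    preferredAuthenticationProtocol = "wsFed"   # or "saml"
    signingCertificate              = $signingCert
    # Every user whose domain is listed here is sent to the partner IdP
    # for authentication instead of being authenticated by Azure AD.
    domains = @(
        @{ "@odata.type" = "microsoft.graph.externalDomainName"; id = "partner.example" }
    )
}

$idp = New-MgIdentityProvider -BodyParameter $federation

# Check: read the provider back so the tenant's federation configuration
# can be reviewed (pin the issuer, endpoints and certificate in change control).
Get-MgIdentityProvider -IdentityProviderBaseId $idp.Id | Format-List DisplayName, Id
```

Note that only authentication is delegated: a B2B guest object is still created in the tenant for each federated user who redeems an invitation, so the directory is not entirely free of those users.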