I want an app to use Azure AD (AAD) for authentication and user info, but unbeknownst to the app, AAD will not have a record of some of those users but will know an IdP it can ask (federate) about those users. The other IdP is not a Microsoft product. The other IdP already manages hundreds or thousands of users, so it is not practical to "invite" all those users to AAD. We don't know all the email addresses for all those users and those users come from many different "domains" (if you base that off their email addresses). I just want to set up a trust of the 3rd-party IdP by AAD and then have AAD pass on the appropriate tokens to the app. Can it be done?
There are 1 best solutions below
Looks like you are looking for what was formerly known as "Direct Federation". Now it's called "SAML/WS-Fed identity provider (IdP) federation".
It is not possible to configure a "3rd-party IdP for some users, even when the domains of those users are not known?".
A domain is not just an address; there is an IdP behind the domain name (in terms of user accounts).
"Federation" == "trust". To establish trust between Azure AD and an Identity Provider, you need to explicitly configure it.
So, it is not possible to do at all.