使用自定义IDP对企业用户的Azure AD SAML App访问 [英] Azure AD SAML App access to corporate user using custom IDP

问题描述

我想向本地用户提供对Azure中所有SAML应用程序的访问权限，而无需在Azure AD中同步用户

I want to provide access to all SAML application in Azure to the on premise user without synchronizing users in Azure AD

流应该是当用户访问应用程序时，它会重定向到Azure登录页面，一旦用户提供用户ID(无需输入密码)，用户就会重定向到IDP登录页面，并且用户在idp登录页面上输入凭据.成功认证用户后 重定向到应用程序.

Flow should be when user access the app, it is redirected to Azure login page, once the user provide the user id ( without entering password ) user is redirected to IDP login page and user enter creds on idp login page. After successful authentication user is redirected to Application.

请让我知道如何使用Azure实施.

Please let me know How to implement using Azure.

谢谢

Ankit

推荐答案

在Azure中托管应用程序时，该应用程序配置为信任令牌的Azure AD.因此，即使访问令牌是从本地发出的(用户未同步到Azure AD)，应用程序也将无法使用 令牌.

When you are hosting the application in Azure, the application is configured to trust Azure AD for the Token. So, even if the the access token is issued from the on-premise (users not being sync'd to Azure AD) - the application would not be able to consume the token.

这篇关于使用自定义IDP对企业用户的Azure AD SAML App访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！