Enhanced Client or Proxy Profile Version 2.0, can Azure AD be used as the IdP?

Cantor, Scott cantor.2 at osu.edu
Tue Apr 19 16:45:03 UTC 2022

On 4/19/22, 12:40 PM, "Wessel, Keith" <kwessel at illinois.edu> wrote:

>    Amazingly, Okta claims they do. Can't say if it actually works.

Having no evidence I will refrain from expressing an opinion. When I call out a vendor, it's factual.

>    I, too, would be very surprised if Azure AD supported ECP, though. They've mostly adopted OIDC and "sign
> into work or school" flows for getting the credentials in place to support non-browser interactions.

When you have a browser to hand, I would say web -> nonweb cookie is clearly the best approach at this point.

For other use cases, I would imagine that getting the resource owner password grant implemented  would be a good idea. I considered it while I was working on the client credentials grant but it's quite a bit different in a number of ways with regard to how we'd implement it. 

-- Scott

More information about the users mailing list