Enhanced Client or Proxy Profile Version 2.0, can Azure AD be used as the IdP?
cantor.2 at osu.edu
Tue Apr 19 16:45:03 UTC 2022
On 4/19/22, 12:40 PM, "Wessel, Keith" <kwessel at illinois.edu> wrote:
> Amazingly, Okta claims they do. Can't say if it actually works.
Having no evidence I will refrain from expressing an opinion. When I call out a vendor, it's factual.
> I, too, would be very surprised if Azure AD supported ECP, though. They've mostly adopted OIDC and "sign
> into work or school" flows for getting the credentials in place to support non-browser interactions.
When you have a browser to hand, I would say web -> nonweb cookie is clearly the best approach at this point.
For other use cases, I would imagine that getting the resource owner password grant implemented would be a good idea. I considered it while I was working on the client credentials grant but it's quite a bit different in a number of ways with regard to how we'd implement it.
More information about the users