microsoft / SPID-and-Digital-Identity-Enabler

This repo contains the SPIDProxy code and several ADFS/Azure B2C related scripts and assets. SPIDProxy enables communication with SPID, CIE and eIDAS. The repo also contains a web app enabling CNS authentication through ADFS and AAD B2C.
MIT License

using the proxy with AAD #66

Closed Badjin-bit closed 8 months ago

Badjin-bit commented 1 year ago

Hi, thanks for your good work!

I have an AAD (now Entra ID) tenant without an on-premises connection, and I am trying to understand: is there any scenario in which one can have SPID users log in to AAD as guests by using their SPID identity and leveraging this proxy?

Thanks!

fume commented 11 months ago

Hi @Badjin-bit, sorry for the late reply.

When using Entra ID, you can't let guest users authenticate via SPID.

You could let them authenticate via SPID if they are "members" and you already have a federated domain with ADFS. In this case, on ADFS, you can customize the authentication process and let them log in with SPID, then "map" the SPID user to an AD user via their fiscalNumber.