Use the SAML module to implement SSO. That works out of the box with Azure AD. See also https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol
I always use SAML-tracer, a plugin for Firefox, to test, but Azure also has some test wizard that can be used.
For further integration you need Graph: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart
I only looked at it because it might be interesting to create AD users out of Mendix.
Regards,
Ronald
I have recently done research on this for my clients. One thing to keep in mind is that your AzureAD version will determine if the implementation is currently possible. If you have a paid Premium P1 or P2 AzureAD subscription, you can follow the pointers provided by Ronald without issues. However, the default AzureAD that comes with Office365 seems to be a bit tricky at the moment:
Office365 subscriptions normally come with the “FREE” or “OFFICE 365 APPS” tier of AzureAD (versions link) . It supports SSO, but only platforms that have been registered in the “Azure AD App Gallery” can be used for SSO.
From what I gather, this listing is free of charge and the only requirement is that Mendix sends a request to Microsoft for getting listed. I have filed a ticket to Mendix Support for this, which was unfortunately declined at this point, but I am planning to keep following this up. As it stands, you would require a “Premium P1 or P2” subscription for AzureAD to the best of my knowledge.
Last month, Mendix released an OIDC SSO module: https://marketplace.mendix.com/link/component/120371
OpenID Connect is an SSO protocol supported by Azure AD as well.
Compared to SAML, OIDC is perceived as easier to set up, and obtained access tokens and/or ID tokens can be more easily processed in your app, since they’re JWTs.
Have a look!
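The remark above that ID tokens are JWTs deserves a worked illustration of what the app side actually has to do with one before trusting it. The following is an added example, not code from Mendix's OIDC SSO module, from Azure AD, or from any poster in this thread. It mints an RS256 token with a locally generated RSA key (standing in for the tenant's signing key, so it runs offline) and then validates it the way a relying party should: algorithm pinned to RS256, key selected by kid from the tenant's JWKS (passed in as a map instead of being fetched from jwks_uri), signature checked over header.payload, exact match on iss and aud, and exp/nbf checked with a small clock-skew allowance. The tenant ID, client ID and user values are constructed placeholders; the issuer string follows the login.microsoftonline.com/{tenant}/v2.0 format of Azure AD v2.0 tokens.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims: registered claims a relying party must check, plus two Azure AD claims
// (tid, preferred_username) that are handy when provisioning users in the app.
// Azure AD v2.0 ID tokens carry aud as a single string (the app's client ID).
type Claims struct {
	Iss               string `json:"iss"`
	Aud               string `json:"aud"`
	Sub               string `json:"sub"`
	Exp               int64  `json:"exp"`
	Nbf               int64  `json:"nbf"`
	Tid               string `json:"tid,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
}

var b64 = base64.RawURLEncoding // JWT segments are base64url without padding

// DemoKey generates a key that stands in for the tenant's signing key so the
// example runs offline. A real app never holds Azure AD's private key.
func DemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignRS256 mints a compact JWT (header.payload.signature) the way the IdP would.
func SignRS256(key *rsa.PrivateKey, kid string, claims Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(claims) // Claims contains only marshalable fields
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyIDToken is the relying-party check. keys is the tenant's JWKS (kid ->
// public key); in production it is fetched from jwks_uri and cached.
func VerifyIDToken(token string, keys map[string]*rsa.PublicKey, wantIss, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token: expected 3 segments")
	}
	raw := make([][]byte, 3) // decoded header, payload, signature
	for i, p := range parts {
		b, err := b64.DecodeString(p)
		if err != nil {
			return nil, fmt.Errorf("segment %d is not base64url: %w", i, err)
		}
		raw[i] = b
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(raw[0], &hdr); err != nil {
		return nil, fmt.Errorf("bad header: %w", err)
	}
	// Pin the algorithm: never let the token pick "none" or an HMAC alg.
	if hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, ok := keys[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[2]); err != nil {
		return nil, errors.New("signature verification failed")
	}
	var c Claims // parse the payload only once it is known to be authentic
	if err := json.Unmarshal(raw[1], &c); err != nil {
		return nil, fmt.Errorf("bad payload: %w", err)
	}
	if c.Iss != wantIss || c.Aud != wantAud {
		return nil, fmt.Errorf("iss/aud mismatch: %q / %q", c.Iss, c.Aud)
	}
	const skew = 60 * time.Second // tolerate small clock drift between IdP and app
	if now.After(time.Unix(c.Exp, 0).Add(skew)) {
		return nil, errors.New("token expired")
	}
	if c.Nbf != 0 && now.Before(time.Unix(c.Nbf, 0).Add(-skew)) {
		return nil, errors.New("token not yet valid")
	}
	return &c, nil
}

func main() {
	// Constructed tenant and client IDs, not real values.
	tenant, clientID := "11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
	iss := "https://login.microsoftonline.com/" + tenant + "/v2.0"
	key, _ := DemoKey()
	now := time.Now()
	tok, _ := SignRS256(key, "kid-1", Claims{Iss: iss, Aud: clientID, Sub: "user-1", Nbf: now.Unix(),
		Exp: now.Add(time.Hour).Unix(), Tid: tenant, PreferredUsername: "alice@example.com"})
	c, err := VerifyIDToken(tok, map[string]*rsa.PublicKey{"kid-1": &key.PublicKey}, iss, clientID, now)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("accepted:", c.PreferredUsername, "from tenant", c.Tid)
}
```

The order of checks is deliberate: the algorithm is pinned and the signature verified before the payload is parsed, so nothing in an unauthenticated payload can steer the logic, and iss is matched against the exact tenant issuer rather than a prefix, which is what prevents a token from another tenant being accepted in a multi-tenant setup.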