You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
I am using ID Server for authenticating users against a custom user store (from IUserService). Users can login to several apps, some end-user apps and one of them a user admin app (MVC 5, OWIN with UseOpenIdConnectAuthentication).
The user admin app allows select users to create other users for their own little part of the world (based on accountId from claim). If a user has claim "Role:Admin" the user can create non-admins under his/her own accountId.
I am trying to allow some employees (based on criteria TBD) within our organization access to the user administration app for creating new admins. Employees are not in the user store, and thus cannot sign in with ID Server. Employees are however in our Azure AD.
I can easily switch my OWIN StartUp to use Azure AD instead of IdServer, but I would like to authenticate/authorize employees against Azure AD, and the users in the custom user store against ID Server. Custom user store should be default. Azure AD could be something like https:///adlogin/ or the like. Important thing is that it should be hidden from the (non-employee) end-user as they are easily confused.
Any thoughts on how to do this?
Best regards,
Henrik
The text was updated successfully, but these errors were encountered:
how do users usually get to the login page? you could use the login_hint for the authorization endpoint if they generally come to the site by clicking through different locations:
If you have some way to detect who is a user without their explicit interaction, you could set it up at the beginning of your OWIN pipeline and bifurcate the login experience automatically.
You can set the Caption property of the autentication middleware you want to hide to an empty string. This way it won't show up on the login page, but can still be selected by the login hint.
Hi guys,
Rocking good work on beta3. Thank you!
I am using ID Server for authenticating users against a custom user store (from IUserService). Users can login to several apps, some end-user apps and one of them a user admin app (MVC 5, OWIN with UseOpenIdConnectAuthentication).
The user admin app allows select users to create other users for their own little part of the world (based on accountId from claim). If a user has claim "Role:Admin" the user can create non-admins under his/her own accountId.
I am trying to allow some employees (based on criteria TBD) within our organization access to the user administration app for creating new admins. Employees are not in the user store, and thus cannot sign in with ID Server. Employees are however in our Azure AD.
I can easily switch my OWIN StartUp to use Azure AD instead of IdServer, but I would like to authenticate/authorize employees against Azure AD, and the users in the custom user store against ID Server. Custom user store should be default. Azure AD could be something like https:///adlogin/ or the like. Important thing is that it should be hidden from the (non-employee) end-user as they are easily confused.
Any thoughts on how to do this?
Best regards,
Henrik
The text was updated successfully, but these errors were encountered: