Hi
I would like to know how to configure Azure AD to delegate authentication to another Identity Provider (cloud-based IdP). I read through the Home Realm Discovery documentation, but I am not very clear on how it works with my use case below:
- User will access SP app URL (SP is integrated with Azure)
- User redirected to Azure login page
- User enters login id
- Now what I want Azure to do is:
  a) If the user exists in Azure, it should allow the user to enter a password and continue with authenticating the user
  b) If the user does not exist in Azure, it should redirect the user to another cloud-based IdP
In my case the SP users are spread across Azure and another cloud-based IdP (say User Type A is in Azure and User Type B is in another cloud-based IdP). The idea is to give both types of users access to the application.
Any other approach would also be helpful other than using HRD.