Hi all -
I need to create a front end login application at "login.mycorp.com" that logs a user in and provides an OAuth/SAML token so that the user can be redirected to "www.mycorp.com" (on a different server) already logged in. The user cannot know they ever left "mycorp.com" and cannot know Microsoft/Azure was ever involved. I.e., I need to white-label AAD/ACS.
Is this possible? It seems that:
1. I can use ACS to customize the login screen, BUT then I cannot change the URL from a Microsoft one.
2. I can use AAD to customize the URL, BUT then I cannot change the login screen.
3. I cannot use the Graph API to log a user in and get a token back.
Is this correct? Are there any other options? If not, is the only other option to go with an existing IDaaS service like PingIdentity?
Thanks,
Michael
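For reference on the redirect the question describes: in the standard OAuth 2.0 / OpenID Connect authorization-code flow, the user's browser is sent from the front end ("login.mycorp.com") to the identity provider's authorize endpoint and then back to a callback on the front end with a code, which is why the provider's URL appears in the address bar. The code below is an added illustration of that exchange from the front end's side, not code from the original post; the tenant name, client id and callback path are placeholders. It builds the AAD authorize URL with a per-session `state` value and a PKCE challenge, then validates the callback, rejecting a missing or mismatched `state` (the login CSRF / code-injection check) and consuming the pending state so it cannot be replayed.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder values (assumptions for this example, not values from the post)
TENANT = "mycorp.onmicrosoft.com"                    # hypothetical AAD tenant
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder app (client) id
REDIRECT_URI = "https://login.mycorp.com/callback"   # hypothetical callback on the front end
AUTHORIZE_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"

# In-memory stand-in for server-side session storage: session_id -> pending login
_sessions = {}


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as used for state and PKCE values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def start_login(session_id: str) -> str:
    """Create a fresh state and PKCE verifier for this session and return
    the authorize URL the browser must be redirected to."""
    state = _b64url(secrets.token_bytes(24))
    verifier = _b64url(secrets.token_bytes(32))
    # PKCE S256: challenge = base64url(SHA-256(ASCII(verifier)))
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    _sessions[session_id] = {"state": state, "verifier": verifier}
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid profile",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session_id: str, callback_url: str):
    """Validate the provider's redirect back to REDIRECT_URI.
    Returns (code, verifier) to be used in the token request, or None
    when the callback must be rejected."""
    # Pop so a given state can only be used once (no replay)
    pending = _sessions.pop(session_id, None)
    if pending is None:
        return None
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        return None
    state = qs.get("state", [None])[0]
    code = qs.get("code", [None])[0]
    if code is None or state is None:
        return None
    # Constant-time comparison against the state bound to this session
    if not secrets.compare_digest(state, pending["state"]):
        return None
    return code, pending["verifier"]


if __name__ == "__main__":
    url = start_login("demo-session")
    print("redirect browser to:", url)
    # Constructed callback, as the provider would send it after sign-in
    st = _sessions["demo-session"]["state"]
    print(handle_callback("demo-session", f"{REDIRECT_URI}?code=AUTHCODE&state={st}"))
```

The returned verifier is what the front end sends with the code to the token endpoint; the `state` lookup is keyed by the front end's own session cookie, so a callback that arrives without that session, or with a state the session never issued, is dropped before any token request is made.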