Hi Ivo and thanks for the reply!
We're actually using Auth0 as well here, but not with OutSystems though. I agree using OIDC and ACF+refresh tokens would be a good fit.
Still, I am hoping something similar can be achieved with Azure AD for the sake of simplicity of our stack. We have until just recently only been working with the Users module for user management (as we have had mostly open-for-all applications on the internal network), so we never went down the LDAP route.
That's why the Azure AD option was a great fit, as it reduces the login friction and we can use Azure AD for security policies - and on top of that, users are created/updated on-the-fly at login. We're using the groups claim in the SAML message so users get their appropriate roles on first login (with all management on the Azure AD side), and there is no need for other user synchronization.
From my first look at the Auth0 component that's all out of reach, so replacement would entail some larger effort.
-Tolli