I have a login screen with one button called "Login via Azure." If any user wants to log in via Azure AD, I want to authenticate that user via Azure AD, and if they log in successfully, I want to receive application, role, and user information in response.
Hi
OutSystems already implements the function by default. What you need to do is only configuration.
Please refer to the URL below.
https://success.outsystems.com/documentation/11/developing_an_application/secure_the_application/end_users/end_users_authentication/configure_azure_ad_authentication/
Regards,
Hi @Nihil Gujar ,
There are many Forge components you can use for Azure login, like IdP, Azure AD connector, etc.
Try with any of them and let us know if you face any issue there.
Thanks
Arun
I recently held a webinar on how to authenticate with Azure AD. You will find the recording here: https://youtu.be/2cSsg5ws1H4
In Forge you will also find the sample project GraphWebinar.
Stefan
Can we do single-click sign-in with Azure AD, just like we do with Google? And do we have to perform this? https://success.outsystems.com/documentation/11/developing_an_application/secure_the_application/end_users/end_users_authentication/configure_azure_ad_authentication/
Hi Nihil,
You have two options to integrate with Azure AD authentication.
On Factory Level: This is described in the article you mentioned. It is configured in the Users Provider and then used across all your applications. This one uses SAML for integration.
On Application Level: Typically used when you want the user to have an option to log in with either OutSystems credentials or one or more social accounts. That is the one shown in the webinar.
I am not sure what you mean by "single click". As long as a user is already authenticated with Microsoft Identity Provider it is just a single click.
Hello,
If the user does not have OutSystems credentials and that user only belongs to Azure AD, then what? That user is not even stored in OutSystems Users.
As far as I know, you don't need OutSystems credentials or a user to validate in Azure AD, but to log in to an OutSystems application you need one. Without an OutSystems user you cannot log in to an OutSystems application.
What you can do, once the user is validated by Azure AD and returns to the application, is simply check whether that user exists in the user table; if not, create it, and then by using the user ID you can log in to the application.
Can you please tell me how to validate a user with Azure AD?
For user authentication/validation you can refer to Stefan Weber's webinar, as mentioned above by him, or you can use Forge components like IdP or Azure AD connector.
Well. If you use the Factory method, so configuring your users provider to authenticate against Azure AD via SAML, then the User Provider takes care of automatically creating OutSystems users in case they do not exist.
To answer your question: You always need an OutSystems user. This is how federated login works. You authenticate against an external identity provider and, based on the received authentication details, you would log in the local OutSystems user that corresponds to the external user.
Will it work with SAML?
The user provider in O11 supports SAML only. So yes.
After configuration of Azure AD, how can I check inside the login page whether that user is present in OutSystems users or not? That means if that user is present in an entity, then only log in; otherwise, I want to show an error message.
So how can I get an authentication response?
I want to use SAML authentication for that. If I complete the configuration, what is the next step to perform? (I have AO limitations.)
After configuration, the user provider takes care that an OutSystems user is created automatically if not yet present.
If you want to limit login to a certain group or even single users, you configure that in your App registration in Azure Portal:
Go to Azure Portal and Enterprise Applications.
Select the application you created as SAML endpoint.
In the Manage menu go to Properties and set the "Assignment required" toggle button to YES and save.
In the Users and groups menu add all groups and users that should be able to log in.
Best