top | item 28079349


teknofobi | 4 years ago

Why does Microsoft seem to default to SAML for organisations using Azure AD?

All our enterprise customers on the Microsoft stack indicate SAML as the only viable option, whereas those on Google Workspace or on more custom IdAM setups in my experience don’t care if you as a vendor prefer SAML or OpenID Connect.


hirsin | 4 years ago

The Enterprise Apps section is heavily SAML based, but if you want to look up how to write an app for AAD you won't likely find any SAML docs, you'll find the OIDC docs and oauth SDKs we build. If you see other places where you feel we default to SAML, I'd love to fix that.

throwaway984393 | 4 years ago

Probably the wrong person to ask, but it would be great if there were guides on replacing SAML with OIDC, if you're already using AzureAD. Our architects are so f'ing clueless they're still telling us to use SAML rather than OAuth2/OIDC to integrate our apps with AzureAD. But if there was an official guide, I could send an e-mail blast to a few higher-ups and say "SAML is teh suck, but here is MS's guide on upgrading to OIDC, it's easy, no more excuses plz kthx"

merb | 4 years ago

Where does it default to SAML? BTW, we use Azure AD and only rely on OpenID Connect.

teknofobi | 4 years ago

It might just be cultural with the customers I’ve integrated with, but we’ve had a policy of requesting OIDC and then only doing SAML if that causes hiccups, and of a handful of SSO integrations with customers on the Microsoft stack there has always been hiccups. There might be other correlations here, such as the IT departments at Microsoft shops in our cases being more driven by consultants and managers.

syshum | 4 years ago

Most likely they are talking about adding Non-Gallery Applications (Custom Applications) for SSO; the only option there is SAML.

For OpenID Connect the developer has to sign up with Azure and add their app to the Gallery; you cannot add a custom app yourself.

Right now there are over 1100 Gallery apps using SAML, and only 500 using OpenID Connect.
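For the OIDC route syshum describes (the vendor registers an application and the customer's Azure AD tenant signs in to it), the part that actually matters for security is what the relying party checks on the ID token it receives. The block below is an added example written for this page, not code from the thread or from Microsoft. It uses PyJWT with the cryptography backend, mints a token locally with a freshly generated RSA key so it runs offline (a real relying party fetches the signing keys from the tenant's OIDC discovery document instead), and uses made-up client and tenant identifiers. The check it illustrates is the one multi-tenant integrations most often get wrong: a signature from Microsoft's keys is not enough, the `tid` claim and the per-tenant issuer must match a tenant you actually onboarded.

```python
"""Azure AD v2.0 ID-token validation as an OIDC relying party should do it.

Constructed example: the RSA key and the tokens are generated locally to stand
in for Azure AD; CLIENT_ID and ALLOWED_TENANTS are hypothetical values.
"""
import time

import jwt  # PyJWT, with the 'cryptography' extra for RS256
from cryptography.hazmat.primitives.asymmetric import rsa

# Hypothetical: the app registration's client id and the one customer tenant
# the vendor has agreed to trust.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
ALLOWED_TENANTS = {"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}


def expected_issuer(tenant_id: str) -> str:
    # v2.0 tokens carry a per-tenant issuer with the tenant id embedded in it.
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def validate_id_token(token: str, public_key, allowed_tenants=ALLOWED_TENANTS) -> dict:
    """Return the verified claims if the token is acceptable, otherwise raise."""
    # Peek at the unverified payload only to choose which issuer to demand;
    # nothing read here is trusted until jwt.decode verifies the signature.
    unverified = jwt.decode(token, options={"verify_signature": False})
    tid = unverified.get("tid")
    if tid not in allowed_tenants:
        raise PermissionError(f"tenant {tid!r} is not onboarded")

    # Signature, exp/iat, audience and issuer are all enforced here. Pinning
    # the algorithm list blocks 'alg': 'none' and key-confusion downgrades.
    claims = jwt.decode(
        token,
        public_key,
        algorithms=["RS256"],
        audience=CLIENT_ID,
        issuer=expected_issuer(tid),
        options={"require": ["exp", "iat", "iss", "aud", "sub", "tid"]},
    )
    if claims["tid"] != tid:  # the verified claim must match the one we pinned on
        raise PermissionError("tid changed between unverified and verified decode")
    return claims


def mint_token(private_key, tenant_id, audience=CLIENT_ID, ttl=300) -> str:
    """Constructed stand-in for Azure AD's token issuer (test helper only)."""
    now = int(time.time())
    payload = {
        "iss": expected_issuer(tenant_id),
        "aud": audience,
        "sub": "user-object-id",
        "tid": tenant_id,
        "iat": now,
        "exp": now + ttl,
        "preferred_username": "alice@example.com",
    }
    return jwt.encode(payload, private_key, algorithm="RS256")


def demo() -> dict:
    """Exercise the validator with one good token and two that must fail."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = key.public_key()
    home_tenant = next(iter(ALLOWED_TENANTS))

    results = {"good": validate_id_token(mint_token(key, home_tenant), pub)["preferred_username"]}

    # Valid Microsoft-signed token, but from a tenant we never onboarded.
    try:
        validate_id_token(mint_token(key, "ffffffff-0000-0000-0000-000000000000"), pub)
        results["foreign_tenant"] = "accepted"
    except PermissionError:
        results["foreign_tenant"] = "rejected"

    # Token issued to a different client id in the same tenant.
    try:
        validate_id_token(mint_token(key, home_tenant, audience="some-other-app"), pub)
        results["wrong_audience"] = "accepted"
    except jwt.InvalidAudienceError:
        results["wrong_audience"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The two-stage decode is deliberate: the issuer string for v2.0 tokens depends on the tenant, so the relying party has to read `tid` first, decide whether that tenant is allowed, and only then ask the library to verify the token against that exact issuer. Skipping the tenant check means any Azure AD user in the world can sign in to a multi-tenant app with a perfectly valid token.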

aj3 | 4 years ago

Well, it is the de facto standard in the Microsoft world. Honestly, I don't actually share the author's opinion, but it is well presented.