Configure a third party IDP (via SAML) as primary authenticator for windows login on Windows Active Directory

Question

I got an OnPrem Active Directory environment with AD users (not connected to AzureAD). Now I need to configure a third-party Identify Provider (IDP is managed by me in another environment) via SAML (Idp support saml and oidc) for primary authentication. When the users on client machines type their email addresses, I want the IDP authentication window to pop up and authenticate the user via the IDP without having to enter the password on the windows client machine.

When I read online, it looks like I have to do something with ICredentialProvider, but it is not quite clear to me whether it is a must or if I can do everything via the server manager configuration.

A similar integration has been achieved by Okta, but I need my own solution, rather than integrating via okta or any other service.

Could someone direct me to some docs/resources/tutorials or sample implementations?

Answer 1

Hi,

SAML 2.0 identity providers are third-party products and therefore Microsoft does not provide support for the deployment, configuration, troubleshooting best practices regarding them.
Also there is detailed guidance documentation and it has information so please review and hope it helps.

details.aspx
how-to-connect-fed-saml-idp

----
Please don't forget to upvote and Accept as answer if the reply is helpful

If this answer helped you please mark it as "Verified" so other users can reference it.