Can I use my external API to validate extra logic while someone logs in with AAD single sign-on?

Eranga 0 Reputation points
2023-04-20T12:59:01.95+00:00

We have developed an application with Azure AAD single sign-on. So we need to check the extra logic instead of username & password while the user logs in to his Microsoft account. We have a Web API that will return the success result if the user email is valid to authenticate. We need to use that API with Azure AD sign-in. Once someone enters the email and it is a valid email, then normally it redirects to the password page, and once he enters the password and if it is correct, before redirecting to my application, it needs to check the validation against my API whether this user is in a valid time to log in. If the user is not in a valid time period to log in, then it should display some error message. Is this a possible scenario to implement with Azure AD single sign-on?

Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-05-01T05:12:46.8+00:00

    Hello @Eranga, out of the box, Azure AD does not support custom interruptions or extra validations during sign-in flows. You have to implement the aforementioned in your web application and/or web API. E.g., you can prompt for the username/email and validate it. If it's valid, you can then redirect to the Azure AD login page passing the username as the login_hint param; if not, display an error message. Or, validate id or access tokens against custom logic.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

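The two options in the answer above, as an added example that is not part of this thread: the web app gates on its own time-window policy before redirecting to Azure AD with `login_hint`, and re-checks the signed-in identity from the id token afterwards (because `login_hint` only prefills the account picker, the user can still sign in as someone else). The in-memory `LOGIN_WINDOWS` table stands in for the asker's Web API; tenant id, client id and redirect URI are placeholders.

```python
from datetime import datetime, time, timezone
from urllib.parse import urlencode

TENANT_ID = "<tenant-id>"                            # placeholder
CLIENT_ID = "<client-id>"                            # placeholder
REDIRECT_URI = "https://app.example/auth/callback"   # placeholder

# Constructed stand-in for the asker's Web API: permitted sign-in window per email (UTC).
LOGIN_WINDOWS = {
    "alice@contoso.example": (time(8, 0), time(18, 0)),
}


def user_allowed_now(email: str, now: datetime) -> bool:
    """Custom logic: is this user inside their permitted sign-in window right now?"""
    window = LOGIN_WINDOWS.get(email.strip().lower())
    if window is None:
        return False                      # unknown user: deny by default
    start, end = window
    return start <= now.astimezone(timezone.utc).time() < end


def build_authorize_url(email: str, state: str, nonce: str) -> str:
    """Azure AD v2.0 authorization-code request with the validated email as login_hint."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "login_hint": email,
        "state": state,                   # CSRF binding, stored server-side by the app
        "nonce": nonce,                   # echoed in the id token, checked on return
    }
    return f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize?{urlencode(params)}"


def pre_signin_gate(email: str, now: datetime, state: str, nonce: str):
    """Option 1: validate before redirecting. Returns (redirect_url, error_message)."""
    if not user_allowed_now(email, now):
        return None, "Sign-in is not permitted at this time."
    return build_authorize_url(email, state, nonce), None


def post_signin_check(id_token_claims: dict, now: datetime) -> bool:
    """Option 2: after signature/issuer/audience/nonce validation of the id token,
    apply the same policy to the account that actually signed in."""
    email = id_token_claims.get("preferred_username") or id_token_claims.get("email")
    return bool(email) and user_allowed_now(email, now)
```

Both checks belong in the app: the first gives the early error message the question asks for, the second is the one that cannot be bypassed by picking a different account on the Microsoft sign-in page.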
