Hi @NUP, thank you for reaching out.
Yes, Azure AD can be federated with an external IDP using the SAML protocol. You can set up ADFS or any other IDP that supports federation using SAML for this purpose.
Azure AD will receive a SAML assertion from the IDP (ADFS), consume that assertion, and issue an access token.
If you have an application federated to Azure AD, Azure AD is federated to ADFS, and ADFS is responsible for authenticating the users who want to access the application, the flow would be:
- Application will redirect to Azure AD.
- Azure AD will then redirect to ADFS.
- ADFS will contact the claims provider (e.g. on-premises AD) to authenticate the user and issue a SAML token after successful authentication.
- The token is then provided to Azure AD.
- Azure AD validates the token and issues a new access token with the required claims to access the application.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
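The "Azure AD validates the token" step in the answer above is where the relying party decides whether to trust what ADFS sent. As an added illustration (not code from the answer, Azure AD or ADFS), the block below performs the non-cryptographic part of that validation on a constructed SAML 2.0 assertion: issuer, audience, the Conditions time window with clock skew, and the presence of an enveloped XML-DSig Signature element. The issuer URL, audience and placeholder signature are assumed sample values; verifying the signature itself requires an XML-DSig library and is deliberately out of scope here.

```python
import datetime as dt
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _parse_time(value):
    # SAML uses xs:dateTime in UTC with a trailing "Z"
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def check_assertion(xml_text, expected_issuer, expected_audience, now_utc, skew_seconds=300):
    """Return a list of validation errors; an empty list means these checks passed.
    now_utc is the current time as an xs:dateTime string. Signature bytes are NOT verified."""
    errors = []
    now = _parse_time(now_utc)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return ["root element is not a saml:Assertion"]
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        errors.append("unexpected issuer %r" % issuer)
    if root.find("ds:Signature", NS) is None:  # presence only; cryptographic check is separate
        errors.append("assertion is not signed")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return errors + ["missing Conditions"]
    skew = dt.timedelta(seconds=skew_seconds)
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or noa is None:
        errors.append("Conditions lacks NotBefore/NotOnOrAfter")
    else:
        if now + skew < _parse_time(nb):
            errors.append("assertion not yet valid")
        if now - skew >= _parse_time(noa):
            errors.append("assertion expired")
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        errors.append("audience mismatch: %r" % audiences)
    return errors

# Constructed sample assertion (not a real ADFS token); the Signature content is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_sample" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
    <saml:AudienceRestriction><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
```

Running `check_assertion(SAMPLE, "http://adfs.example.test/adfs/services/trust", "urn:federation:MicrosoftOnline", "2024-01-01T12:30:00Z")` returns an empty list, while a time of `"2024-01-01T14:00:00Z"` reports the assertion as expired.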