Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,562 questions
Point all traffic coming to a tenantID to external IDP
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 34%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECY%3C/text%3E%3C/svg%3E)
Chaitanya Yarrapragada
1
Reputation point
As of current setup Azure is allowing external identity to be added explicitly to a domain and when user tries to access https://portal.azure.com/<tenant-id> and enters mail id specific to this domain then its routing to external IDP else going with normal flow. If we are using external IDP like Keycloak user can register even with their gmail id or any other emailID in such case if user uses their mail id , in this case gmailId Azure login is routing to github or Azure AD but not external IDP. I can understand this behaviour if user hits https://portal.azure.com but if a tenant id is explicitly mentioned in the context then irrespective of the email domain can it be routed to external idp (like Keycloak) in this case. How can this be achieved.