105 votes · under review · Admin SQL Database feature voting forum admins (Product Owner, Microsoft Azure) responded
We are looking at integration with just-in-time (JIT) access, which is part of Azure AD Privileged Identity Management (PIM).
Jarle Skogheim supported this idea
Reposting so that folks get a notification – from Paul:
Depending on the exact scenario you can do this today. For applications that do interactive browser-based sign-in to get a SAML assertion, but then want to add access to an OAuth-protected API such as Graph, you can simply make an OAuth request to get an Access token for the API. When the browser is redirected to Azure AD to authenticate the user, the browser will pick up the session from the SAML sign-in and the user won’t have to enter their credentials.
We are also supporting the OAuth SAML Bearer Assertion flow for users authenticating with IDPs such as ADFS federated to AAD so that the SAML assertion obtained from ADFS can be used in an OAuth flow to authenticate the user. I’ll post here again when documentation for that is ready.
Jarle Skogheim commented
Any updates on this?