I’m looking into creating an SSO authentication offering within our current Parse Server offering. This would see some users having the option of having SSO if their organisation is set up with an SSO capability.
For the first part we are proposing having the common two-part login screen where the user first enters their email address before progressing. An API call is made and a check on the Parse Server side is made to determine if this user is an SSO user. The response to the frontend app would be:
- Display password input - they are a normal user
- Forward the user to the Microsoft Login Portal for authentication and token allocation and return to the App.
- Any errors etc…
A customer we are looking to build this for gave us the following information:
a. They are running On Premises Active Directory
b. The On Prem AD syncs with Azure.
My questions are:
- Can the authentication adaptor for Microsoft Graph (which comes with Parse Server) be used in this case?
- Would there be specific Role / Level setup on the AD side in order to allow a login for this service?
- What information do we need from this customer in order to set this up in a staging environment for development and testing?
Many thanks in advance.
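
A sketch of the first-step check the post describes, added here as an example and not part of the original post or of Parse Server's own code. It assumes the SSO decision is made per email domain (so the response does not reveal whether an individual account exists); `SSO_DOMAINS`, `REDIRECT_URI`, the tenant and client IDs, and both function names are hypothetical placeholders.

```javascript
// Constructed sample config: email domain -> Azure AD tenant settings (placeholders).
const SSO_DOMAINS = new Map([
  ['contoso.example', {
    tenantId: '00000000-0000-0000-0000-000000000000',
    clientId: 'CLIENT_ID_PLACEHOLDER',
  }],
]);
const REDIRECT_URI = 'https://app.example/auth/callback'; // hypothetical app callback

// Trim, lowercase and validate the address; returns null on anything malformed.
function normalizeEmail(input) {
  if (typeof input !== 'string') return null;
  const email = input.trim().toLowerCase();
  // Exactly one "@", non-empty local part, dotted domain, no whitespace.
  const m = /^[^\s@]+@([^\s@]+\.[^\s@]+)$/.exec(email);
  return m && email.length <= 254 ? { email, domain: m[1] } : null;
}

// Returns one of the three outcomes from the post: password, SSO redirect, error.
// `state` must be a fresh random value generated and stored by the caller per
// login attempt, then compared when the user returns to the callback.
function resolveLoginMethod(rawEmail, state) {
  const parsed = normalizeEmail(rawEmail);
  if (!parsed) return { method: 'error', reason: 'invalid_email' };

  // Decide by domain only. No user lookup happens here, so existing and
  // unknown addresses in the same domain get identical responses.
  const sso = SSO_DOMAINS.get(parsed.domain);
  if (!sso) return { method: 'password' };

  const url = new URL(
    `https://login.microsoftonline.com/${sso.tenantId}/oauth2/v2.0/authorize`
  );
  url.search = new URLSearchParams({
    client_id: sso.clientId,
    response_type: 'code',
    redirect_uri: REDIRECT_URI,
    scope: 'openid profile email',
    state,
    login_hint: parsed.email, // pre-fills the Microsoft sign-in page
  }).toString();
  return { method: 'sso', redirectUrl: url.toString() };
}
```

The token returned after the redirect still has to be validated server-side before a session is issued; this step only chooses which login path to show.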