-1

Is there any experience in configuring IBM iWelcome as federated IdP for Azure AD?

The scenario is:

  • A user registers on iWelcome by specifying her/his original email as the user identifier (NOTE: this email can be on different domains)
  • The IAM behind iWelcome (IBM CGI) creates a guest account for that user in Azure AD and assigns permissions on the related applications (e.g. membership on a team in MS Teams) or objects (resources in an Azure Subscription)
  • That same user then authenticates in iWelcome and accesses the desired application/resource protected by Azure AD

Has anyone experience with this kind of integration?

We know that iWelcome supports SAML, OAuth and OpenID Connect, but it is not intuitive to understand how to federate it with Azure AD. The Azure AD Federation with a SAML/WS-Fed identity provider (IdP) for B2B has the limitation of a single domain; the users authenticated by iWelcome have emails/IDs with different domains. Is it possible to use the same IdP for multiple domains? If yes, how?

Known ref.:

Thank you, Stefano

1 Answer

0

Looks like it's not supported: https://github.com/MicrosoftDocs/azure-docs/issues/44482

Noor Khaldi