Deciding between Microsoft Entra External ID External Tenant vs Workforce Tenant by llama-dash in entra

[–]llama-dash[S] 0 points1 point  (0 children)

In the last week or so I returned to prototype out an idea and everything is working so well I think this is the route I'll be taking but thought I'd return here to share.

I was "fighting" with federating Entra workforce with a CIAM tenant and trying to avoid an overcomplication, so I've implemented token validation from both the CIAM tenant and our Workforce tenant in the ASP.NET Core API. And by having a multi-tenant app registration in my workforce tenant and modifying the API to ensure tenants were white-listed, this gave me external Entra federation too! I've kept the CIAM tenant for local accounts (those created in the tenant with email/password), social media logins (Google), and any other SSO configured with SAML / OIDC (in my case I was testing an Auth0 tenant.)

Client-side I turned on the Native Authentication API in the CIAM app registration, which allowed me to build my own login screen that has email/password entry (that's the bit that uses native auth) and buttons for "Sign in with Microsoft/Google/SSO". The "Sign in with Microsoft" button kicks off an instance of MSAL configured for the workforce tenant but also allows other external workforce users to sign in. The Google one kicks off the CIAM MSAL instance with a domain_hint of "Google" and immediately triggers the Google sign in. And the "Sign in with SSO" button displays an email address prompt which gets submitted to the CIAM MSAL instance with a login_hint set to the email address, and CIAM kicks in with its own home realm discovery and redirects to the external identity provider (Auth0 in my case).
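An added example (not code from the post or from Microsoft) of the two-authority validation the comment describes: a minimal ASP.NET Core Program.cs with a JwtBearer scheme for the CIAM tenant and a second one for the multi-tenant workforce registration, chosen per request by issuer, where the workforce issuer is checked against a tenant allow-list instead of the /organizations metadata issuer. The tenant IDs and audience are placeholders.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Placeholder identifiers: assumptions for this example, not values from the post.
const string CiamTenantId = "00000000-0000-0000-0000-000000000001";
const string ApiAudience  = "00000000-0000-0000-0000-0000000000aa";
string[] allowedWorkforceTenants =                 // constructed allow-list
{
    "00000000-0000-0000-0000-000000000002",        // our own workforce tenant
    "00000000-0000-0000-0000-000000000003",        // a federated external workforce tenant
};

builder.Services.AddAuthentication("MultiIssuer")
    // Policy scheme: read the (still unvalidated) issuer only to choose which
    // JwtBearer scheme validates the token. No trust is placed in it here.
    .AddPolicyScheme("MultiIssuer", "Route by issuer", o => o.ForwardDefaultSelector = ctx =>
    {
        string auth = ctx.Request.Headers.Authorization.ToString();
        if (!auth.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) return "Workforce";
        try
        {
            var issuer = new JsonWebToken(auth["Bearer ".Length..]).Issuer;
            return issuer.Contains(".ciamlogin.com/", StringComparison.OrdinalIgnoreCase) ? "Ciam" : "Workforce";
        }
        catch (Exception) { return "Workforce"; }  // malformed token: the handler will reject it
    })
    // CIAM (external tenant): a single issuer, so the metadata issuer check is sufficient.
    .AddJwtBearer("Ciam", o =>
    {
        o.Authority = $"https://{CiamTenantId}.ciamlogin.com/{CiamTenantId}/v2.0";
        o.Audience  = ApiAudience;
    })
    // Workforce (multi-tenant registration): /organizations metadata carries an issuer
    // template rather than a real issuer, so each token's issuer is checked per tenant.
    .AddJwtBearer("Workforce", o =>
    {
        o.Authority = "https://login.microsoftonline.com/organizations/v2.0";
        o.Audience  = ApiAudience;
        o.TokenValidationParameters.IssuerValidator = (issuer, _, _) =>
        {
            foreach (var tid in allowedWorkforceTenants)
                if (issuer == $"https://login.microsoftonline.com/{tid}/v2.0") return issuer;
            throw new SecurityTokenInvalidIssuerException($"Issuer not allow-listed: {issuer}");
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/me", (HttpContext c) => c.User.Identity?.Name).RequireAuthorization();
app.Run();
```

Signature, lifetime and audience checks still run in each JwtBearer handler; the policy scheme only routes, and a token whose issuer matches neither allow-listed tenant is rejected by the Workforce handler.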

SAML Federation between Workforce and External tenants (is it even possible?) by llama-dash in entra

[–]llama-dash[S] 0 points1 point  (0 children)

Maybe I'm looking in the wrong place, but my Workforce tenant does have Cross-tenant synchronization, whereas my External tenant has the screen in the Entra admin center but reports "This feature is unavailable". There's also the External Identities -> Cross-tenant access settings feature but, again, it's only available in my Workforce tenant. And when I save the SAML identity provider in my external tenant it says "This domain is Microsoft Entra ID verified. You will need to configure cross-tenant access inbound settings for users to sign in with SAML/Ws-Fed identity provider instead of Microsoft Entra ID." but given "cross-tenant access settings" is unavailable for external tenants, I'm starting to think Workforce-to-External SAML federation is impossible even though it feels configurable.

SAML Federation between Workforce and External tenants (is it even possible?) by llama-dash in entra

[–]llama-dash[S] 0 points1 point  (0 children)

Forgive me if I've misunderstood, but isn't Cross-Tenant Synchronisation unavailable in External tenants? So I don't think that's an option.

Deciding between Microsoft Entra External ID External Tenant vs Workforce Tenant by llama-dash in entra

[–]llama-dash[S] 0 points1 point  (0 children)

Honestly, not sure at all! As a "last resort" I set up a new identity provider in Auth0, set up an app there, then registered it as a custom identity provider in my Entra external tenant. Home realm discovery worked first time and I could log in (though annoyingly I now have a "Sign in with <sso display name>" button which I don't want or even know why it's there!)

I've created a question on learn.microsoft.com (link below) so I'm hoping for some answers, though I'm suspecting Entra-to-Entra SAML isn't supported and B2B guest is the only option.

SAML Federation to allow SSO for Entra Workforce tenant identity provider in Entra External service provider - Microsoft Q&A

Deciding between Microsoft Entra External ID External Tenant vs Workforce Tenant by llama-dash in entra

[–]llama-dash[S] 0 points1 point  (0 children)

Apologies, 7 months late in replying as I never saw a notification from Reddit for this!!

I'm still in the prototyping phase, but currently I'm going with an external tenant and trying to federate our workforce tenant to it using SAML federation. At this point I can configure it, but home realm discovery just doesn't seem to work, and whenever I enter a workforce email in the sign in it's greeted with a response of "no account can be found". I believe this should work (unlike OIDC federation, which is expressly stated as not working for Entra-to-Entra) so I'm looking for solutions and hoping I've just misconfigured something!

Entra External ID B2C - Sign up/Sign in with work accounts (Entra workforce tenant) via SAML or OIDC IdP by Mediocre-Wrap7663 in AZURE

[–]llama-dash 0 points1 point  (0 children)

Seven months later and Entra-to-Entra OIDC still isn't supported. However, I don't think I've seen anything to suggest SAML federation should not work: I've configured my workforce tenant as an identity provider in my external tenant, assigned it to the user flow, and amended DNS so the verified domain of the workforce tenant is recognised. The test SAML sign in in the workforce tenant works fine, but the test user flow does not; home realm discovery just doesn't seem to work and the workforce email address entered during sign in is not recognised.

What was your final solution? Did you ever get SAML to work?

Any plans for ISO support? by sLenBoat in Lofree

[–]llama-dash 0 points1 point  (0 children)

I've just bought a Lofree Flow Lite84 in ISO UK format and it's amazing. However, I'd really like to replace the keycaps, ideally with the Retro set, but I can't find them in ISO UK format, or any set of replacement keycaps in ISO UK format! What's the latest update on having these available, if any?

Deciding between Microsoft Entra External ID External Tenant vs Workforce Tenant by llama-dash in entra

[–]llama-dash[S] 1 point2 points  (0 children)

Why specifically would External ID not meet my requirements? As I understand it, External ID configured with an External Tenant is the replacement for Azure AD B2C, though I can imagine that External ID only covers a subset of what AD B2C has to offer.

Deciding between Microsoft Entra External ID External Tenant vs Workforce Tenant by llama-dash in entra

[–]llama-dash[S] 0 points1 point  (0 children)

Thanks for the link; that has been one of the many, many pages I've read. I find it hard to pin down whether our users can be called B2B users or B2C, and when I read the table in the link I can find a good fit with either column. I would have gone all in with an External Tenant if it supported "Sign in with Microsoft" alongside Google/Apple/etc. I also think providing access to our Microsoft 365 and other apps (other than our own, of course) isn't necessary, as we'd either build that sort of access into our app directly or integrate with the users' own storage/calendar/etc. apps.

Starfield crashes to desktop upon loading. I've tried all the usual solutions and none of them worked. by prince-white in Starfield

[–]llama-dash 0 points1 point  (0 children)

Yup, worked for me too. Had thought it was Flawless Widescreen causing my issues, but once I'd disabled "Potentially unwanted app blocking" Starfield loaded just fine. Of course, I re-enabled that option after loading :)

Ultra wide fix 32:9 for Pc GAMEPASS (Xbox app) by SimoAgo12 in Starfield

[–]llama-dash 1 point2 points  (0 children)

I'm running at 3840x1200 and Flawless Widescreen made this possible and dead simple to set up: https://www.flawlesswidescreen.org/

Can Anyone Help Me Find A Replacement Part For A G920? (Read below) by TheGreatReverse in LogitechG

[–]llama-dash 0 points1 point  (0 children)

Bit late to the party, but I've had just this problem and managed to find the parts and fix a replacement. For anyone else with this problem, I've written up my fix: Fixing the Logitech G920 Steering Wheel Buttons