Configuring Azure Console for _external_ authentication/SSO/IdP? [migrated]


I’m looking for pointers on how to configure Azure “IAM” to trust an external IdP/Authentication server… but finding my way around the docs for Azure is… not easy. Help would be more than appreciated…

Some more context:

The challenge I have to solve should be “easy”: I need to use a 3rd party authentication/MFA solution to manage access to the Azure “cloud” console, to control which users access the console etc.

So my first idea is to configure the Azure console/IAM to use an external IdP for user access/SSO… Now, looking at the docs, I can see lots of info on how to use Azure AD to act as an IdP for other systems, but not so much on how to act as an SP for an external IdP. Also, I find all the different “flavours” of Azure AD that seem to be available somewhat confusing…

The closest I’ve been able to find is this: https://docs.microsoft.com/en-us/azure/active-directory/b2b/direct-federation, but I’m not sure if that’s the approach to follow…

There are other articles like https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp that seem to apply to using a SAML IdP for access to Office or other MS service — but not to the Azure “tenant” itself?

ANY tip more than appreciated 😉!!