Azure-docs: What's the scope of OpenID Connect interaction with identity provider functionality?

Created on 7 Mar 2018 · 3Comments · Source: MicrosoftDocs/azure-docs

Does OpenID Connect authorization affect API access only or can it replace the use of 'Username and password' as an Identity Provider when accessing developer portal content?

My goal is to replace Username and password with an [company] approved mechanism to authenticate (and so create or invite) a developer such that we're not storing their registration data (name & email address) in Azure. Need to be able to go beyond restricting API access to also restrict access to content in the portal (while working on a POC I'm restricting access to widget content using layer rules with "isAuthenticated" and url rules). It would currently appear that the only way of achieving this currently is using Delegation

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 30a7ef7d-09d5-c54e-316d-d706c0296c41
Version Independent ID: e787063b-6141-78f3-a7ab-2e21604562b3
Content: How manage user accounts in Azure API Management | Microsoft Docs
Content Source: articles/api-management/api-management-howto-create-or-invite-developers.md
Service: api-management
GitHub Login: @Juliako
Microsoft Alias: apimpm

api-managemensvc cxp in-progress product-question triaged

Source

jamesgallagher-ie

All 3 comments

@jamesgallagher-ie Thank you for your feedback! We will investigate and get back to you with our findings.

mike-urnun-msft on 7 Mar 2018

👍1

@jamesgallagher-ie Yes you are correct that OpenID Connect authorization affect API access only.

You have an option to add different Identity providers from the list of options available in the drop-down. However, regarding the scenario you described above, delegation seems to be the option to go for.