I’m currently working on an application built on ASP.NET MVC which uses Microsoft account (MSA) authentication. To implement a new requirement, during a flow (say on step 2) the application has to validate the user against Azure Active Directory (AAD) authentication for an organization account (while the MSA login should persist) to grant special privileges and move to step 3. So during the step 2 to step 3 navigation, the MSA authentication should not be logged out and the user can be validated against AAD.

Is it possible to allow concurrent logins via two different identity providers (MSA and AAD)?
It is not possible if you are using the Azure AD v1.0 endpoint. However, you can use the Azure AD v2.0 endpoint to implement it. This document helps in comparing the Azure AD v2.0 endpoint with the v1.0 endpoint.

To build an app that accepts both personal Microsoft account (MSA) and work or school account (Azure AD) sign-in, you'll need to register an app with the Azure Active Directory (Azure AD) v2.0 endpoint. At this time, you won't be able to use any existing apps you may have with Azure AD or MSA - you'll need to create a brand new one. Refer to this document for help on it - Quickstart: Register an app with the Azure Active Directory v2.0 endpoint.

You can also use Azure AD B2C and use a custom policy to add MSA as an identity provider. Refer to this document for details - Azure Active Directory B2C: Add Microsoft Account (MSA) as an identity provider using custom policies.
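As an added illustration (not part of the question or the answer above), here is an OWIN startup for an ASP.NET MVC app on the v2.0 endpoint that keeps two independent cookie sessions, one for the MSA sign-in and one for the organizational sign-in, so the step 2 AAD validation never replaces the MSA login, and that explicitly validates the tenant issuer for the multi-tenant "organizations" authority. The client id, tenant id, callback paths and the IsElevatedAsync helper are placeholders and assumptions of this example; CallbackPath assumes a Katana version of the OpenID Connect middleware that exposes it.

```csharp
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Hypothetical placeholders: client id from the v2.0 app registration, tenants allowed to be elevated at step 2.
    private const string ClientId = "<client-id-from-v2.0-registration>";
    private static readonly string[] AllowedTenants = { "<your-tenant-id>" };

    public void Configuration(IAppBuilder app)
    {
        // Two independent cookies, so the MSA session from step 1 survives the AAD sign-in at step 2.
        app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "MsaCookie" });
        app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "AadCookie" });
        // Personal accounts: the "consumers" authority has one fixed issuer, so the default metadata issuer check is enough.
        app.UseOpenIdConnectAuthentication(Build("MsaOidc", "MsaCookie", "consumers", "/signin-msa"));
        // Work/school accounts: "organizations" is multi-tenant and the issuer varies per tenant, so restrict it explicitly.
        var aad = Build("AadOidc", "AadCookie", "organizations", "/signin-aad");
        aad.TokenValidationParameters.IssuerValidator = (issuer, token, parameters) =>
        {
            foreach (var tenant in AllowedTenants)
                if (issuer == $"https://login.microsoftonline.com/{tenant}/v2.0") return issuer;
            throw new SecurityTokenInvalidIssuerException("Issuer is not an allowed tenant: " + issuer);
        };
        app.UseOpenIdConnectAuthentication(aad);
    }

    private static OpenIdConnectAuthenticationOptions Build(string scheme, string cookie, string tenantSegment, string callback)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = scheme,             // name passed to Challenge()/SignOut()
            SignInAsAuthenticationType = cookie,     // cookie that receives the validated identity
            ClientId = ClientId,
            Authority = $"https://login.microsoftonline.com/{tenantSegment}/v2.0",
            RedirectUri = "https://localhost:44300" + callback,
            CallbackPath = new PathString(callback), // each middleware handles only its own sign-in response
            ResponseType = "id_token",
            TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" }
        };
    }

    // Step 2 -> 3 gate: both sessions must be present; nothing here signs the MSA cookie out.
    public static async Task<bool> IsElevatedAsync(IOwinContext ctx)
    {
        var msa = await ctx.Authentication.AuthenticateAsync("MsaCookie");
        var aad = await ctx.Authentication.AuthenticateAsync("AadCookie");
        return msa?.Identity?.IsAuthenticated == true && aad?.Identity?.IsAuthenticated == true;
    }
}
```

The step 2 controller action challenges "AadOidc" when IsElevatedAsync returns false and proceeds to step 3 once both cookies exist; both redirect URIs must be registered on the v2.0 app.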