Configuring passport-azure-ad for Single Sign-On (without password input)

I'm trying to implement Single Sign-On with Azure AD for my SaaS. I'm using this guide (with sample code): https://learn.microsoft.com/en-us/graph/tutorials/node

Do I need to configure my passport-azure-ad to enable Single Sign-On? I don't just want to connect the application to an Azure AD, I also want to eliminate the need to insert a password (SSO). I'm using OIDCStrategy and all I need for my application is confirmation of the user's email address ("who"), nothing more, to pull up that user's records in my application (if that user exists).

I have changed the environment variables from the common Azure end-point to a specific tenant guid, app id and secret. I get the company-specific screen (with the company logo of the end-user) where the user can click their account. This should be enough for SSO, but now the user then gets redirected to a login screen (also company branded) with their e-mail and a field to enter their password.

So the question boils down to, is there a specific config I need to do in my Node code or is this purely an Azure setup issue?
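As an added example (not code from the question, the linked tutorial or passport-azure-ad itself), this is the tenant-specific OIDCStrategy configuration described above together with a verify callback that pins the tenant and keys the user on the stable oid/tid pair, using the email claim only to look up the record; the environment variable names, the function names and the commented-out wiring are assumptions.

```javascript
// Added example (not from the question or Microsoft's tutorial): tenant-pinned
// OIDCStrategy options and a verify callback that keys the user on the stable
// oid/tid pair, using email only to look up the record. Option names follow
// passport-azure-ad's OIDCStrategy; env names and the wiring comment are assumptions.

function buildOidcOptions(env) {
  // Tenant-specific metadata instead of the "common" endpoint, so tokens
  // issued by other directories fail issuer validation.
  const tenant = env.TENANT_ID;
  return {
    identityMetadata: `https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration`,
    clientID: env.CLIENT_ID,
    clientSecret: env.CLIENT_SECRET,
    redirectUrl: env.REDIRECT_URI,
    responseType: 'code',
    responseMode: 'form_post',
    scope: ['openid', 'profile', 'email'],
    validateIssuer: true,
    passReqToCallback: false,
  };
}

// Pure claim mapping, so it can be exercised without a live login.
function mapAzureProfile(profile, expectedTenant) {
  const claims = (profile && profile._json) || {};
  if (!claims.oid || !claims.tid) throw new Error('token lacks oid/tid claims');
  if (claims.tid !== expectedTenant) throw new Error(`unexpected tenant ${claims.tid}`);
  const email = (claims.email || claims.preferred_username || '').toLowerCase();
  if (!email) throw new Error('no email or preferred_username claim');
  // oid+tid is the stable identity; email can change, so it is lookup data only.
  return { id: `${claims.tid}:${claims.oid}`, email };
}

// Verify callback in the shape passport-azure-ad uses when passReqToCallback is false.
function makeVerify(expectedTenant) {
  return (iss, sub, profile, accessToken, refreshToken, done) => {
    try {
      done(null, mapAzureProfile(profile, expectedTenant));
    } catch (err) {
      done(null, false, { message: err.message });
    }
  };
}

// Wiring (assumed, not executed here so the file runs without the package):
// const { OIDCStrategy } = require('passport-azure-ad');
// passport.use(new OIDCStrategy(buildOidcOptions(process.env),
//   makeVerify(process.env.TENANT_ID)));
```

Pinning the tenant and keying on oid/tid prevents a token from another directory or a renamed mailbox from mapping onto an existing record; it does not by itself remove the password prompt the question describes.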

After much research, it seems like I am looking for "seamless SSO". The only way to achieve this is to publish the app to the Azure AD app gallery (and to meet a couple of prerequisites, e.g. supporting multi-tenancy): https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-howto-app-gallery-listing

This is not a Node.js- or Passport-specific issue; it's mostly an Azure AD setup issue.