Azure Active Directory – Do I need to store an external IdP user in local AAD?
I have inspected a lot of custom policy examples, and I noticed the following pattern: if the user is new, we store it locally using AAD-UserWriteUsingAlternativeSecurityId. Do we really need to perform this action? If not, in which cases does it make sense?
My context is as follows: authenticate a user with a given email and issue my B2C token. Later, this token with the email info inside will be used to query an API. I can check that the given token was issued by my B2C, and I can trust it. Using the nested email, I can perform authorization.