...

However, if organisations would like to make life easier for users by letting them sign in seamlessly by clicking an "OrganisationX AzureAD" button instead of entering credentials, they can integrate the TDS platform with AzureAD or a similar identity provider.

The TDS team recommends the OIDC option because its setup and maintenance are generally easier and more flexible than SAML. For example, SAML requires carefully timed certificate exchanges, which are hard to coordinate when multiple teams or parties are involved in a corporate environment, so even routine changes become more complicated. OIDC also requires secrets to be exchanged regularly; however, because multiple secrets can be valid at the same time, changes are easier and do not need the strict timing that SAML certificate exchanges do. SAML setup is also less straightforward than OIDC setup.
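The overlap that makes OIDC secret rotation forgiving can be checked mechanically. The following is an added example, not part of the TDS documentation: it assumes the OIDC client secrets live on an Azure AD app registration and are exported in the shape of Microsoft Graph's `passwordCredentials` array; the sample data, the `rotation_status` function name and the 30-day warning window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the passwordCredentials array that Microsoft
# Graph returns for an application object; keyIds and names are made up.
SAMPLE_CREDENTIALS = [
    {"keyId": "aaaa-1111", "displayName": "keycloak-2023",
     "startDateTime": "2023-01-10T00:00:00Z", "endDateTime": "2024-01-10T00:00:00Z"},
    {"keyId": "bbbb-2222", "displayName": "keycloak-2024",
     "startDateTime": "2023-12-01T00:00:00Z", "endDateTime": "2024-12-01T00:00:00Z"},
]


def _parse(ts):
    # Timestamps are ISO 8601 UTC with a trailing "Z"; drop any fractional part.
    base = ts.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def rotation_status(credentials, now, warn_days=30):
    """List active secrets and flag expired or soon-expiring ones."""
    active, findings = [], []
    for cred in credentials:
        start, end = _parse(cred["startDateTime"]), _parse(cred["endDateTime"])
        if end <= now:
            findings.append((cred["displayName"], "expired: remove from the app registration"))
        elif start <= now:
            active.append((end, cred["displayName"]))
    active.sort()
    horizon = now + timedelta(days=warn_days)
    for end, name in active:
        if end <= horizon:
            # Safe only if another active secret outlives the warning window,
            # so the relying party can be switched without a login outage.
            covered = any(other_end > horizon for other_end, _ in active)
            findings.append((name, "expiring, successor present" if covered
                             else "expiring, NO successor: create a second secret now"))
    return {"active": [n for _, n in active], "findings": findings}


if __name__ == "__main__":
    check_time = datetime(2023, 12, 20, tzinfo=timezone.utc)
    print(rotation_status(SAMPLE_CREDENTIALS, check_time))
```
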

Azure AD integration with TDS Keycloak using OpenID Connect

...

Details need to be discussed in a meeting with customer representatives and AzureAD administrators.

ADFS integration with TDS Keycloak using SAML

...