Can we use the native SSO capability (no external plugins) as use Azure AD as the authentication provider? The workflow we’re looking for is similar to that of logging into any Office 365 app, i.e. it would simply redirect to the Microsoft authentication page as part of the sign-in when the session is not authenticated.
If not, I think the OpenID Connect Authentication Plugin could work, but it would be nice to have all the “sso overrides” features, e.g. the name and avatar from their account.
You will need to write a small web service that translates between the Azure AD protocol and the Discourse SSO protocol.
That is doable and it doesn’t need to be a Discourse plugin, so you can use whatever technology you want and host it wherever works best for you.
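The translation step this answer describes, as an added example that is not code from the original thread or from any bridge project: it implements the Discourse side of such a web service in Python, verifying the `sso`/`sig` pair Discourse sends, then building and signing the reply payload from identity-provider claims. The Azure AD (OIDC) step is assumed to have already completed, so the claims are a constructed dictionary (claim names `oid`, `preferred_username`, `email`, `name`); the secret, URLs and claim values are placeholders, and `avatar_url` is only set when the provider supplies a picture URL (an assumption, since not every tenant does).

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed secret for this example. In a real deployment this is the
# "discourse connect secret" configured in the Discourse admin settings.
SSO_SECRET = b"constructed-example-secret"

# Constructed claims standing in for a validated Azure AD ID token.
EXAMPLE_CLAIMS = {
    "oid": "11111111-2222-3333-4444-555555555555",
    "email": "alice@example.com",
    "preferred_username": "alice@example.com",
    "name": "Alice Example",
    "picture": "",  # assumed optional avatar URL; empty means none available
}


def sign(payload_b64: str, secret: bytes) -> str:
    """HMAC-SHA256 over the raw base64 payload (not the URL-encoded form), hex digest."""
    return hmac.new(secret, payload_b64.encode(), hashlib.sha256).hexdigest()


def encode_payload(fields: dict) -> str:
    """Query-string encode the fields, then base64 them, as the Discourse SSO protocol does."""
    return base64.b64encode(urlencode(fields).encode()).decode()


def decode_payload(sso_b64: str, sig: str, secret: bytes) -> dict:
    """Verify the signature, then decode the base64 query string into a dict.

    Raises ValueError when the signature does not match; the login must be
    rejected in that case, because anyone can forge an unsigned payload.
    """
    if not hmac.compare_digest(sign(sso_b64, secret), sig):
        raise ValueError("bad SSO signature")
    fields = parse_qs(base64.b64decode(sso_b64).decode())
    return {k: v[0] for k, v in fields.items()}


def make_discourse_request(nonce: str, return_sso_url: str, secret: bytes) -> dict:
    """Simulate what Discourse sends to the SSO endpoint when a login starts."""
    sso = encode_payload({"nonce": nonce, "return_sso_url": return_sso_url})
    return {"sso": sso, "sig": sign(sso, secret)}


def bridge_response(sso: str, sig: str, claims: dict, secret: bytes) -> dict:
    """Turn a verified Discourse request plus provider claims into the reply to Discourse.

    The nonce is echoed back unchanged so Discourse can tie the reply to the
    request it issued; external_id is the provider's stable user identifier.
    """
    request = decode_payload(sso, sig, secret)
    if "nonce" not in request or "return_sso_url" not in request:
        raise ValueError("request payload missing nonce or return_sso_url")
    payload = {
        "nonce": request["nonce"],
        "external_id": claims["oid"],
        "email": claims["email"],
        # Discourse usernames cannot contain "@", so use the local part of the UPN.
        "username": claims["preferred_username"].split("@")[0],
        "name": claims["name"],
    }
    if claims.get("picture"):
        payload["avatar_url"] = claims["picture"]
    reply_sso = encode_payload(payload)
    return {
        "return_sso_url": request["return_sso_url"],
        "sso": reply_sso,
        "sig": sign(reply_sso, secret),
    }


def build_return_url(response: dict) -> str:
    """Redirect target for the browser: return_sso_url with sso and sig as query parameters."""
    query = urlencode({"sso": response["sso"], "sig": response["sig"]})
    return f"{response['return_sso_url']}?{query}"


if __name__ == "__main__":
    req = make_discourse_request("abc123", "https://forum.example/session/sso_login", SSO_SECRET)
    print(build_return_url(bridge_response(req["sso"], req["sig"], EXAMPLE_CLAIMS, SSO_SECRET)))
```

In a running service, `bridge_response` is called from the HTTP handler that receives the browser after the OIDC callback has been validated; the nonce should additionally be checked against the one stored in the session at the start of the flow so a reply cannot be replayed.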
I built on top of the work of others, and made github.com/consideratio/discourse-sso-oidc-bridge. So, if you have a provider that you want to use OIDC with, but also discourse SSO, then this is a solution.
(I have some trouble with using my iPhone without any interruptions now though, but it may be unrelated to the bridge. I run into a redirect loop between Discourse and the discourse-sso-oidc-bridge when returning from my OIDC provider, but only on iPhones, and everything works if I reload the page of Discourse. See: SSO redirect loop with Lax cookies, but only for my iPhone?!)