Single Sign-On for APEX Apps with Azure AD using SAMLv2
Most APEX environments run inside the corporate network. In some cases, you also want to give registered external users (such as customers or partners) access over the internet to specific APEX apps running on the internal APEX instance. To avoid building your own user/password management system, including a registration process, you can use Azure AD, the cloud version of Active Directory, which most companies already utilize.
The question here is: how can we securely authenticate external users that are registered in Azure AD? There are various ways to achieve this (SAMLv2 and OAuth2 being two of them). We will use the SAMLv2 standard, as we only want to trust Azure AD as the Identity Provider over a secure channel (SSL) and "automatically" get the user ID, together with selected user attributes, back as part of the HTTP header.
This document will show you how to set up Single Sign-On using SAMLv2 against Azure AD.
Knowledgebase by MT