We have a legacy user database that we need to interoperate with.
There are 2 types of users in the database:
- external users that log in with username/password
- internal users that log in with either username/password or Azure AD
For internal users, not everyone in the AD should be allowed to log in, so we need to perform a database lookup (through a REST API we implemented) with the email address of the AD user first.
I've tried 2 options:
- Enterprise link: there doesn't seem to be a way to add a post-SSO action to restrict the login at all.
- Custom social connection: I can use the "fetch user profile script" to do the lookup, but there are 2 problems:
  - after login, Auth0 created a different user from the one created after username/password login
  - the script doesn't seem to have access to a configuration or secret store, which is needed to hold the secrets required to access our REST API for the user lookup
Am I going the wrong way? What's the best way to implement this?
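As an added example (not code from the original post, and not Auth0's own sample code), this is what the lookup-and-restrict step described in the post looks like as an Auth0 post-login Action: it runs only for the Azure AD connection, reads the REST API credentials from the Action's secret store (`event.secrets`), looks the user up by verified email, and denies the login when the user is unknown, not allowed, or the lookup fails. The Action API surface used here (`exports.onExecutePostLogin`, `event.connection.strategy`, `event.user.email_verified`, `event.secrets`, `api.access.deny`) is Auth0's; `waad` is Auth0's strategy name for Azure AD enterprise connections. The REST API shape (GET `<USER_API_URL>?email=…` returning 200 `{"allowed": true|false}` or 404, bearer token in `USER_API_TOKEN`), the secret names and the in-memory user directory are all hypothetical or constructed here so the block runs offline.

```javascript
// Added example, not the original poster's code or Auth0's: an Auth0 post-login
// Action that gates Azure AD logins on a REST lookup of the user's email and
// reads the API credentials from the Action secret store.
//
// Hypothetical assumptions: the internal-user API lives at event.secrets.USER_API_URL,
// takes a bearer token from event.secrets.USER_API_TOKEN, and answers
// GET <url>?email=<addr> with 200 {"allowed": true|false}, or 404 if unknown.

const AZURE_AD_STRATEGY = "waad"; // Auth0's strategy name for Azure AD enterprise connections

// Pure decision logic, separated from I/O so it can be tested without a network.
// `lookupResult` is null when the lookup was skipped (no verified email).
// Returns null to allow the login, or a string reason to deny it.
function decideLogin(user, lookupResult) {
  // Match on a verified address only; an unverified email claim must not unlock an account.
  if (!user.email || user.email_verified !== true) {
    return "Azure AD login requires a verified email address";
  }
  // Fail closed: an unreachable or erroring lookup is a denial, not a pass.
  if (lookupResult.error) return "Internal user lookup unavailable";
  if (!lookupResult.found || lookupResult.allowed !== true) {
    return "This Azure AD account is not an authorised internal user";
  }
  return null;
}

// Calls the hypothetical internal-user REST API using credentials from the secret store.
// `fetchImpl` is injectable so the call can be exercised without network access.
async function lookupInternalUser(email, secrets, fetchImpl = globalThis.fetch) {
  const url = new URL(secrets.USER_API_URL);
  url.searchParams.set("email", email); // URL-encodes the address
  try {
    const res = await fetchImpl(url.toString(), {
      headers: { Authorization: `Bearer ${secrets.USER_API_TOKEN}`, Accept: "application/json" },
    });
    if (res.status === 404) return { found: false };
    if (!res.ok) return { error: `HTTP ${res.status}` };
    const body = await res.json();
    return { found: true, allowed: body.allowed === true };
  } catch (err) {
    return { error: err.message };
  }
}

// Action entry point. The third parameter exists only so the lookup can be swapped
// for an offline stand-in; Auth0 calls this with (event, api).
async function onExecutePostLogin(event, api, lookup = lookupInternalUser) {
  // Username/password (database) connections and any other strategy are left alone.
  if (event.connection.strategy !== AZURE_AD_STRATEGY) return;
  const user = event.user;
  const verified = Boolean(user.email) && user.email_verified === true;
  // Don't even call the API for an unverified address.
  const result = verified ? await lookup(user.email, event.secrets) : null;
  const reason = decideLogin(user, result);
  if (reason !== null) api.access.deny(reason);
}

// Constructed sample data standing in for the legacy user database, so the block runs offline.
const SAMPLE_INTERNAL_USERS = { "alice@example.com": true, "bob@example.com": false };
function memoryLookup(email) {
  const allowed = SAMPLE_INTERNAL_USERS[email.toLowerCase()];
  return Promise.resolve(allowed === undefined ? { found: false } : { found: true, allowed });
}

// Minimal stand-in for the Action's `api` object that records the outcome.
function recordingApi() {
  const state = { denied: null };
  return { state, access: { deny(reason) { state.denied = reason; } } };
}

// Builds a constructed login event for a given connection strategy and user.
function sampleEvent(strategy, email, emailVerified = true) {
  return {
    connection: { strategy },
    user: { email, email_verified: emailVerified },
    secrets: { USER_API_URL: "https://users.example.internal/lookup", USER_API_TOKEN: "example-token" },
  };
}

// In the Auth0 Action editor this is the exported handler.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

Two design points worth noting: the lookup happens after the IdP has authenticated the user but before Auth0 issues tokens, so a denied user never gets a session, and the handler returns early for every non-Azure-AD connection, so existing username/password logins are unaffected. Replacing `memoryLookup` with the default `lookupInternalUser` is all that changes when deploying.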