Control Admin Authentication to All Tenants with AzureAD SAML SSO

We have 20+ tenants to manage and need to control account access more rationally. To do this in other situations we have implemented AzureAD SAML/SSO. That way, at offboarding, the account goes dead (and we don’t have to hunt for it in each and every tenant).

I cannot figure out how to outsource authentication for my tenant administrators’ accounts to AzureAD Saml. I can set up Enterprise AzureAD as an IdP for an app if I so choose. But I can’t provision an administrator account and then have them authenticate through my SAML IdP.

I am positive that if I were to provision an admin for multiple tenants who also has a GSuite/Google account or a Microsoft Live (or a github, or a LinkedIn) account, that admin would be able to authenticate with one of those services. But what about AzureAD/365? How to apply it to all of the tenants managed under my contract?

Here’s the documentation on this issue from Auth0 support. Hope this saves someone searching.
Auth0-Dashboard-SSO-Customer’s-Guide-22-02-22.pdf (1.0 MB)


Thank you for sharing that with the rest of community!