Migrate connection from ADFS to Azure AD

Problem Statement

We would like to migrate a connection within our tenant from ADFS to Azure AD. How can we do this?

Solution

Normally, when migrating between different connection types, an export/import will need to be performed, and the user_id prefix in Auth0 will change (e.g., adfs|… to ad|…). However, there is a much easier option in this case, as the existing ADFS connection can be used to connect to Azure AD.

To use the existing ADFS connection with Azure AD, you only need to change the connection's ADFS URL setting. Set it to the WS-Federation metadata endpoint of the Azure AD application, which has this form:

https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml?appid={application-id}

The appid={application-id} parameter is important: it points to the specific app registration and causes Azure AD to include the signing certificate configured for that application in the metadata. Both IDs can be found in the application's settings in Azure AD.
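As an added example (not Auth0's or Microsoft's code), the following builds the metadata URL in the form above and checks the returned document for the two things the ADFS connection relies on: a signing certificate and the passive WS-Federation endpoint. The tenant id, application id and certificate body in the embedded sample are constructed placeholders.

```python
"""Added example, not Auth0's code: build the per-application Azure AD
WS-Fed metadata URL and sanity-check the document before using it."""
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

NS = {  # namespaces used in federationmetadata.xml
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsa": "http://www.w3.org/2005/08/addressing",
}

def build_metadata_url(tenant_id, application_id):
    """URL of the form given in the article; appid selects the app registration."""
    base = f"https://login.microsoftonline.com/{tenant_id}/federationmetadata/2007-06/federationmetadata.xml"
    return base + "?" + urlencode({"appid": application_id})

def inspect_metadata(xml_bytes):
    """Return entityID, signing certificates and the passive WS-Fed endpoint.
    Raises ValueError when a signing certificate is missing (e.g. wrong appid)."""
    root = ET.fromstring(xml_bytes)
    certs = [c.text.strip() for c in root.findall(
        ".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    endpoint = root.find(".//fed:PassiveRequestorEndpoint//wsa:Address", NS)
    if endpoint is None:
        raise ValueError("metadata carries no PassiveRequestorEndpoint")
    return {"entity_id": root.get("entityID"), "signing_certs": certs,
            "passive_endpoint": endpoint.text.strip()}

# Constructed minimal document in the shape Azure AD returns; IDs and cert are placeholders.
SAMPLE_METADATA = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>MIIC-PLACEHOLDER-CERT</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint><EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/wsfed</Address>
    </EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(build_metadata_url("TENANT-ID-PLACEHOLDER", "APP-ID-PLACEHOLDER"))
    print(inspect_metadata(SAMPLE_METADATA))
```

Against a live tenant, fetch the URL returned by build_metadata_url and pass the response body to inspect_metadata; a ValueError means the URL is not the one to enter as the ADFS URL.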