Feature: Support for Azure AD Federated Credentials in the Azure AD Enterprise Connection
Description:
The current Azure AD Enterprise Connection in Auth0 requires both a Client ID and a Client Secret to establish an OpenID Connect (OIDC) trust relationship. However, Azure AD’s newer federated credentials feature allows for authentication scenarios without the need for a static client secret.
This feature would enable organizations to move away from managing and rotating static client secrets, which can introduce operational overhead and potential security risks. Federated credentials provide a more secure, seamless, and “secretless” authentication mechanism that aligns with modern security best practices.
Use-case:
By supporting federated credentials, organizations can adopt a more efficient and secure authentication process. For example:
- Security Benefits: Eliminates the need to store, manage, and rotate static client secrets, reducing the risk of credential leakage or mismanagement.
- Operational Efficiency: Simplifies configuration and reduces administrative burden by removing the need for secret rotation schedules.
- Modern Authentication Alignment: Leverages Azure AD’s latest capabilities for secretless authentication, aligning with evolving security practices.
Currently, the lack of support for federated credentials in Auth0’s Azure AD Enterprise Connection limits our ability to fully utilize these benefits. Adding this feature would enable organizations to enhance their security posture while streamlining their identity management workflows.
We believe this feature would be a valuable addition for enterprises that prioritize security and operational efficiency in their identity solutions.