WS-Fed angular app with web api, dilemma

This is my first post, on the community and the issue that I am having is very difficult for me to grasp and take a decision.
I am having a Asp.Net Web Api, not using the OWIN pipeline on the backend side which consumes a internal Windows Identity Foundation app for login and authorization. On the front-end side a pretty standard angular app which communicate with the backend app. The communication for checking the impersonation is heavily based on cookies so no tokens and stuff. Now for getting all the rights, roles and other information there is a in memory cache which get all the desire data.
I will like to migrate the app towards Auth0 as a SSO solution where I need to support google accounts and some AD accounts.

Given that, I will like to get some opinion about the following:

  1. Should I keep Windows Identity Foundation and integrate it with Auth0, or remove it and switch directly to Oauth2 via the OWIN middleware?
  2. What is a good strategy for getting all the information for user(role, permission, additional profile data) for the existing users? Can I do it progressively and still use the old codebase for roles, permissions, profile data and migrate it along the way?
  3. Regarding new users, can I create a fallback logic regarding the roles, permissions? If that is so, what is the recommended way of doing it, Auth0 via rules or inside the my logic? Also does the namespace naming for the claims should take into consideration any rule?
  4. Is it possible with Auth and Windows Identity Foundation to make a deactivation mechanism for a existing user? If the answer is no, then I will switch directly to Oauth2 via Owin.
  5. Regarding multi-tenant strategy is there a possibility of reusing some information that exists alread in Auth0, mostly roles and permissions?

Thanks in advance for anyone who will try to put some light on these topics.

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?