I’m trying to implement a seamless Azure Single Sign-on (SSO) feature. In the case of Google it’s pretty simple: there’s a plugin from Bubble that kind of “merges” two login methods, email and SSO, and allows the user to use either at any time. And there’s no plugin for Azure.
I’ve tried the Pathfix service; they have a lot of different integrations, including Azure. They even have Bubble plugins designed specifically to use their service. However, the way it works adds serious limitations. It signs the user in via the plugin and in the case of success returns the email. That’s it, you must handle the password manually. In their guide it’s hard-coded into the workflows, which means there are two ways of using this approach:
- Hard-code the password and use only SSO without standard email sign in / log in.
- Save the password in the db and update it every time the user changes it.
In my case the app must sign the user in the standard way and later “upgrade” to Azure SSO, hence #1 doesn’t work in this case.
And with #2 I have serious concerns about security and app maintainability.
Is the aforementioned method the only one to get Azure SSO integrated seamlessly or is there (hopefully) any better way?