Present different login options based on user access path

Relative n00b here and I think I know what to do but I’m not sure. I have a realm (realm-A) that’s appropriately configured with an AD federation, clients, etc. and everything works OK. I’ve been asked to enable the use of our IDP (Azure AD), but only for users that are trying to log in from outside the intranet. Outside users should not be shown the username and password fields at the logon screen…only the IDP selection list.
I’m assuming the way to do this is to keep realm-A as-is and set up a new realm (realm-B) that is configured with the IDP, then do some kind of cross-realm token exchange. Am I on the “right” track here or have I grossly misunderstood my options?
Thanks!
EDIT: quick follow-up question/clarification…is there any way to mask off auth options based on auth flow setup?