r-same-azure-ad-deferred-local-auth-v1

Azure AD SSO was initially planned as sole IdP but was amended mid-session: local auth ships in v1 (argon2id + TOTP mandatory + JWT cookies), Azure AD SSO is deferred until Runwal’s AD infrastructure work completes. Stub interfaces only exist in v1. Migration path: dual-mode → per-user email-match → deprecate local. Do not re-enable Azure AD in v1 without explicit approval.

Related

• r-same-local-auth-v1-azure-ad-deferred
• azure-ad-sso-deferred-v1-uses-local-auth
• azure-ad-sso-deferred-local-auth-v1-stub-interfaces
• r-same-azure-ad-sso-deferred-v1-local-auth-only
• r-same-local-auth-v1-azure-ad-sso-deferred