azure-ad-sso-deferred-local-auth-migration-path

Azure AD SSO for internal platforms should be deferred until the organization’s AD provisioning work is complete — implementing it prematurely against an incomplete AD causes integration churn. v1 pattern: full local auth (argon2id + mandatory TOTP) with stub interfaces ready. Migration path when AD is ready: dual-mode login → per-user email-match against AD → deprecate local accounts.

Related

• r-same-azure-ad-sso-deferred-local-auth-v1
• r-dash-auth-amendment-local-auth-v1-azure-ad-sso-deferred
• r-same-local-auth-v1-azure-ad-deferred
• r-dash-azure-ad-deferred-local-auth-v1-stack
• r-same-m1-identity-backend-core-wave-1-pass-1
• azure-ad-sso-deferred-local-auth-v1-stub-interfaces
• azure-ad-sso-deferred-local-auth-is-v1