So I understand, and have implemented, the whole OIDC login with provider scenario. However, someone asked a question that I couldn’t answer.
As an example, cloudsmith.io allows you to connect Azure AD and log in using that.
But - this is where my brain fries - this is an online SaaS app where they have potentially thousands of different customers, each with their own AD provider.
So when I log in with Cloudsmith, my “Login with Azure” dialog from MS appears, and I log in. How does Cloudsmith then know which AD provider to use to authenticate / validate with?
Would it be possible to use this workflow with Vault and some scripting?
Or would it be possible to extract the authenticated JWT from the OIDC login and pass that to Vault?