Hello everybody 👋 Nice to e-meet you 📋 We use Kratos to manage our users. Now, we want to allow some of our users to connect through their SSO on our platform. 👉 For that, we must be able, for instance, to configure a Microsoft azure social, and allow only certain companies to log-in by using SSO. 🤔 Can Kratos handle this use case? If yes, what is the (best) way to achieve that? Thank you in advance for your answers 🙏

Thomas, hi! Did you get a reply on this?

Hello, no 😞 We moved away from Kratos for several reasons, and we are now implementing Keycloak, less trendy, but widely used with the feature we want

Oh, okay. Did you find Keycloak easier to implement comparing it to Kratos? We are on the POC stage, and decided to go with Ory Kratos but we're still on time to change our minds since nothing has been implemented so far.

TL;DR: Yes it was easier We started with Kratos, and we did a POC with it. Then we did the same thing with Keyloak. By comparison, it was much more easier and faster to implement with Keycloak + we were able to implement the browser workflow with SAML 2 and OIDC. I asked a retex in another Slack about this kind of product, and it seems that the pros of Kratos regarding Keycloak is the scalability in term of tenant (when you need mode than some hundred).

Awesome, I've just checked and keycloak configuration seems to be more straightforward and with better information on how to proceed: https://blog.hcltechsw.com/versionvault/how-to-configure-microsoft-azure-active-direct[…]identity-provider-to-enable-single-sign-on-for-hcl-compass/ I'll check that out, thanks!