Act as flow

  1. The "act as" demonstration involves two main steps. Initially, the user is required to sign in. Upon successful authentication, the demo proceeds to the next step.
  2. In the second step, the user is directed to /SignIn?handler=ActAs&id={username}, where the selected user's ID is temporarily stored in a database. The application then redirects the user to the Microsoft Entra External ID sign-in page.
  3. Typically, since the user has an active session, no additional sign-in prompt appears; however, a new security token is issued to the Woodgrove Groceries application.
  4. Before issuing this token, Microsoft Entra External ID, through a custom authentication extension, invokes a web API.
  5. The custom authentication extension web API retrieves the user ID (associated with the user who runs the demo) from the database and returns it to Microsoft Entra External ID.
  6. Finally, Microsoft Entra External ID issues a security token to the Woodgrove Groceries application. The token includes the "act as" claim, which allows the application to act on behalf of the user.
  7. Check the token for the "act as" claim.
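
Steps 2 and 4 to 6 above, sketched as an added example (not the Woodgrove demo's own code): a custom authentication extension handler for the token issuance start event that returns the stored selection once, only to the signed-in user who made it, and only while it is fresh. The ActAsStore class, the actAs claim name, the 120-second lifetime and the sample event are assumptions made for illustration.

```python
import time

TTL_SECONDS = 120  # assumed lifetime of a pending "act as" selection
CLAIM_NAME = "actAs"  # assumed claim name; the page only calls it the "act as" claim

class ActAsStore:
    """In-memory stand-in for the demo's database (hypothetical)."""

    def __init__(self, now=time.time):
        self._rows = {}
        self._now = now

    def put(self, signed_in_user_id, act_as_id):
        # Step 2: remember the selection, keyed by the user who runs the demo.
        self._rows[signed_in_user_id] = (act_as_id, self._now() + TTL_SECONDS)

    def take(self, signed_in_user_id):
        # Step 5: hand the selection out once; expired or missing rows yield None.
        act_as_id, expires = self._rows.pop(signed_in_user_id, (None, 0))
        return act_as_id if expires >= self._now() else None

def on_token_issuance_start(event, store):
    """Steps 4-6: build the extension's response to the token issuance start event."""
    user_id = event["data"]["authenticationContext"]["user"]["id"]
    act_as_id = store.take(user_id)
    claims = {CLAIM_NAME: act_as_id} if act_as_id is not None else {}
    return {
        "data": {
            "@odata.type": "microsoft.graph.onTokenIssuanceStartResponseData",
            "actions": [{
                "@odata.type": "microsoft.graph.tokenIssuanceStart.provideClaimsForToken",
                "claims": claims,
            }],
        }
    }

# Constructed request body, trimmed to the one field the handler reads.
SAMPLE_EVENT = {
    "type": "microsoft.graph.authenticationEvent.tokenIssuanceStart",
    "data": {"authenticationContext": {"user": {"id": "11111111-1111-1111-1111-111111111111"}}},
}
```

Because the row is removed when it is read, a later token request for the same session carries no "act as" claim unless the user makes a new selection.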