Currently on APEX 22, with option to go to 24 if necessary.
I have an application with SAML single sign on that allows for electronic signature. Due to regulatory requirements when performing electronic signature the user must enter the password again in a pop-up window. Currently we do an ldap call to Azure Active Directory Domain Services to validate the password when it is entered again. This has worked great, however, we will soon be migrating to a different active directory tenant due to a company merger and have been told we will no longer be able to use AADDS as it is not in place with the new tenant and won't be put in place due to cost. LDAP calls in general are no longer a feasible option because there are multiple forests in play and there is also hesitancy to allow us to continue to have a service account able to make the necessary calls to validate a password. So we are looking for alternatives to be able force the user to enter their password again when esigning that doesn't involve using LDAP for validation.
Has anyone had any success with redirecting to login.microsoft.com from within an application to do a second authentication without losing the session? Open to suggestions. Using an authenticator app is an option as well. I did find an example APEX application using MFA but it was for logging into an application using an authentication scheme and I'm not sure it can be adapted for what we need.