Microsoft Azure Active Directory vs WSO2 Identity Server

Question

I'm trying to choose most suitable Identity Provider from Azure Active Directory vs WSO2 Identity Server. Both looks very promising and have compliance with open standard protocols like SAML, OIDC ...etc

Has any body done evaluation against below features.

• Adaptive / Dynamic authentication
• Multi factor authentication
• Identity Federation against heterogeneous opens standard authentication protocols
• OIDC full protocol suite support including Discovery, DCR.
• UMA support
• Provisioning capabilities including out bound provisioning, just in time provisioning
• SCIM 2.0 compliance
• Authorization capability with XACML 3.0

It would be really great if someone can help with relevant information.

Answer 1

If you already have an Azure AD, this shouldn't be an either or situation. While you can use the Identity Server(IS) as purely an IdP, it's most powerful feature in my experience is its ability to federate multiple Identity Providers.

You can therefore federate Azure AD as an IdP within the IS. You can also add an infinite amount of IdP's (such as an on-prem AD, Google, Facebook etc). The "identity bus" will then provide a single interface to provide IAM to your services (Service providers), manage policies and do user management

The initial cost of having both might be higher than either or, however you will benefit once more user stores are added to your corporation - trust me this is inevitable and will happen.

EDIT; by the way all of the features you listed are possible with IS 5.7.0

We have recently integrated with Azure AD in an IS deployment so that is possible.