Greetings,
We are running an on-prem ADFS (version 2019). One of the main activities we use ADFS for is acting as an STS for our API via service-to-service communication. Our clients (API consumers) are configured as trusted claims providers; in other words, when they want to call our API through their API on behalf of their users, they present a SAML token that originates from their IDP to our STS (ADFS), and in exchange they get another SAML token they can use to call our API. Furthermore, the claims in the SAML token they receive from our STS have been enriched with an acceptance transform rule set, since our ADFS knows which IDP the token originated from.
We would like to migrate away from ADFS, but we need the above authentication flow to take place on-prem. Can this be achieved using Entra ID in hybrid mode? Ideally we would like the administration interface to reside in the cloud but the actual authentication flow to take place entirely without dependency on the cloud.
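For readers unfamiliar with the flow described in the question, the following is an added illustration (not from the poster) of how such a claims provider trust and its acceptance transform rules are typically expressed on the ADFS side; the trust name, identifier, metadata URL and claim type URI are hypothetical placeholders.

```powershell
# Added example: register a partner IdP as a claims provider trust and attach
# acceptance transform rules. The names and URLs below are placeholders.
# Acceptance transform rules are the control point for inbound claims: only the
# claims explicitly issued here leave this stage, so a partner IdP cannot inject
# arbitrary claim types into tokens our STS later issues to the API.
$acceptanceRules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through the partner user's UPN only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);

@RuleName = "Tag every token from this partner with its source IdP (placeholder claim type)"
 => issue(Type = "urn:example:claims:source-idp", Value = "partner-idp-example");
'@

# Create the trust from the partner's federation metadata (placeholder URL).
Add-AdfsClaimsProviderTrust `
    -Name "Partner IdP (example)" `
    -Identifier "urn:example:partner-idp" `
    -MetadataUrl "https://idp.partner.example/FederationMetadata/2007-06/FederationMetadata.xml" `
    -AcceptanceTransformRules $acceptanceRules

# Later changes to the rule set are applied with Set-AdfsClaimsProviderTrust.
Set-AdfsClaimsProviderTrust -TargetName "Partner IdP (example)" -AcceptanceTransformRules $acceptanceRules

# Review what is currently accepted from the partner before issuing any token to the API.
(Get-AdfsClaimsProviderTrust -Name "Partner IdP (example)").AcceptanceTransformRules
```

Whatever replaces ADFS would need an equivalent per-partner filtering and enrichment stage that runs on-prem, which is the crux of the migration question above.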