Support the OAuth2.0 token_exchange grant_type

10-25-2023 05:32 AM
Status: Open
Fedor_Haaker
Emerging Contributor

We like to use ArcGIS Portal in our microservice environment. This environment uses API Management to give access to all the microservices with one token that is acquired through the API management system with the use of our Azure AD identity provider. The OAuth2.0 grant_type that is used here is token-exchange (https://www.rfc-editor.org/rfc/rfc8693.html). Because ArcGIS Portal doesn't support the grant_type token-exchange, the users of client applications on our cloud environment have to do an extra login for our Portal environment by choosing an identity provider in a pop-up screen.
With ArcGIS Portal it is therefore not possible at this moment to use it in a scenario with API gateways or API-to-API communication.

Therefore we would like to propose an enhancement for ArcGIS Portal where Portal does support the token-exchange grant type.

A second enhancement that we would like to propose is the ability to set a default identity provider depending on a parameter in the URL, so the user is automatically switched to the identity provider that is meant for him. This way the user doesn't have to choose between the built-in and Azure AD identity providers.

1 Comment
NicolasGIS

Completely agree with you!

Currently this limitation makes the integration of a small map component in a big application where the user is already logged in not ideal with the only supported code flow. Especially with the new support of OIDC, if the backend application already has an IDToken for the user, it would be nice to be able to get an ArcGIS token by providing this IDToken (urn:ietf:params:oauth:token-type:id_token):

https://curity.io/resources/learn/token-exchange-flow/
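
An added example, not part of the original post or comment and not Esri code: the RFC 8693 token-exchange request discussed in this thread, built as a form body with an ID token as the subject token, together with a check of the fields the RFC requires in a successful response. The function names, the audience value and the tokens are constructed placeholders, and no ArcGIS endpoint is assumed.

```python
from urllib.parse import urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ID_TOKEN = "urn:ietf:params:oauth:token-type:id_token"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(subject_token, subject_token_type=ID_TOKEN,
                           requested_token_type=ACCESS_TOKEN, audience=None,
                           scope=None, actor_token=None, actor_token_type=None):
    """Return the form-encoded body of an RFC 8693 token request."""
    if not subject_token:
        raise ValueError("subject_token is required")
    # RFC 8693: actor_token_type is required when actor_token is sent
    # and must not appear without it.
    if (actor_token is None) != (actor_token_type is None):
        raise ValueError("actor_token and actor_token_type go together")
    params = {
        "grant_type": GRANT_TYPE,
        "subject_token": subject_token,
        "subject_token_type": subject_token_type,
        "requested_token_type": requested_token_type,
        "audience": audience,
        "scope": " ".join(scope) if scope else None,
        "actor_token": actor_token,
        "actor_token_type": actor_token_type,
    }
    return urlencode({k: v for k, v in params.items() if v is not None})


def check_exchange_response(resp):
    """Validate the fields RFC 8693 requires in a successful response."""
    for field in ("access_token", "issued_token_type", "token_type"):
        if not resp.get(field):
            raise ValueError(f"missing required field: {field}")
    # A non-access token is returned with token_type "N_A"; only a real
    # access token should be presented as a Bearer credential.
    usable_as_bearer = (resp["issued_token_type"] == ACCESS_TOKEN
                        and resp["token_type"].lower() == "bearer")
    return resp["access_token"], usable_as_bearer


# Constructed sample values, not real tokens.
SAMPLE_ID_TOKEN = "eyJhbGciOiJub25lIn0.constructed.sample"
SAMPLE_BODY = build_exchange_request(SAMPLE_ID_TOKEN, audience="portal-example",
                                     scope=["openid"])
SAMPLE_RESPONSE = {"access_token": "constructed-token", "token_type": "Bearer",
                   "issued_token_type": ACCESS_TOKEN, "expires_in": 3600}
```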