First the justification. Typically a CMS is a public facing application, with a backend system where the site admins will publish content etc, and then the public side where the public / authorized members can view content. Umbraco is built for this, and hence has 2 totally independent authentication systems - one for the backend and one for the content.
We want to use Umbraco in an intranet environment, authenticated against Azure AD, such that if any user successfully authenticates against the tenant, they get to view all the content, and if we have their e-mail address in our admin users table (or they are a member of a particular Azure group), they can get backend access. Bottom line, I don't want 2 separate user lists, just one, where we can selectively grant backend access to particular users.
I have researched this quite a bit and cannot find a way to bend the built-in systems to do this, so instead I want to implement Identity such that it will behave this way - not having separate backend and frontend authentication.
There is no config option I can see to just disable Umbraco authentication altogether.
