If you want to move from one external identity provider to another, for example from SAML to Azure AD, you can switch directly between them.

It is not supported to directly switch between Active Directory and other identity providers. If you want to do that, first disable synchronization and authentication, and then save the changes. After that you can switch to another identity provider and configure the associated authentication settings.

When keeping the users, these users will automatically be converted to native users temporarily until they are recognized based on the information provided by the new identity provider. They will not receive an e-mail to set their password for being a temporary native user. (This as opposed to when synchronization and authentication would be disabled and users would be converted to native Horizzon users).

If you choose to remove the users, they will be removed from Horizzon, but also any uncommitted work of the users. So please be aware of this and take the needed measures before you start removing users. The users will not be removed from the original identity provider.

Performing the switch

To perform the switch, follow the instructions for configuring user synchronization and authentication with the identity provider you want to move to:

Configuring user synchronization and authentication with Azure Active Directory

Configuring user synchronization and authentication with a SAML 2.0 based identity provider

Reverting the switch

If you have moved from SAML to Azure AD, but you want to revert the switch, you only need to switch identity provider in the Horizzon authentication settings and save the changes. All settings of the previous identity provider are still there.

If you have moved from Azure AD to SAML and want to revert, you need to switch identity provider in the Horizzon authentication settings and save the changes. After that, start provision in Azure AD to reactivate the Azure AD configuration.