I am thinking, in general, about developing a web application for enterprise. What I am thinking about is the following scenario:
The application should be able to serve multiple customers (called multitenancy?). That means that multiple companies could use the software for their employees.
Each of them could have its own Azure AD, or maybe not. Therefore I would like to know if it is possible to authenticate against multiple/different Azure ADs.
Let's assume that a user types in his email address [email protected]; then I would try to authenticate him against the AD which is configured behind the companyA.com AD. When someone tries to log in with [email protected], then I would try to authenticate against the Azure AD which is configured for companyB.com.
Is this possible? How could I do this?
That is the exact reason why multi-tenant applications exist. So a user from any Azure AD can sign in to your application.
The way it works is like this:
There are a couple important things to note on your app's side:
https://login.microsoftonline.com/common/oauth2/authorize
instead of the tenant-specific endpoint.
More about single vs multi-tenant: http://www.andrewconnell.com/blog/azure-ad-what%E2%80%99s-the-difference-between-single-vs-multi-tenant
Example multi-tenant app (ASP.NET MVC): https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect
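An added example, not part of the answer above or of the linked sample: because the common endpoint accepts users from any Azure AD tenant, the application has to decide for itself which tenants it trusts. The sketch builds the sign-in redirect for the endpoint quoted above and checks the `tid` and `iss` claims of an ID token against an allow-list of onboarded customers. Assumptions: the function names, the tenant registry and its GUIDs are constructed for illustration, the token's signature, audience, expiry and nonce have already been verified by an OpenID Connect library, and the issuer format is the `https://sts.windows.net/{tenant-id}/` form used by this (v1) endpoint.

```python
from urllib.parse import urlencode

# Endpoint quoted in the answer: shared by every Azure AD tenant.
COMMON_AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/authorize"

# Constructed sample data: email domain -> tenant ID of an onboarded customer.
ONBOARDED_TENANTS = {
    "companya.com": "11111111-1111-1111-1111-111111111111",
    "companyb.com": "22222222-2222-2222-2222-222222222222",
}


def build_authorize_url(client_id, redirect_uri, email, nonce):
    """Redirect target for sign-in; Azure AD resolves the user's home tenant."""
    params = {
        "client_id": client_id,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid",
        "redirect_uri": redirect_uri,
        "nonce": nonce,
        "login_hint": email,  # pre-fills the account on the sign-in page
    }
    return COMMON_AUTHORIZE + "?" + urlencode(params)


def tenant_for_claims(claims):
    """Map signature-verified ID token claims to an onboarded customer domain.

    Raises PermissionError when `iss` does not match `tid`, or when the
    tenant is not in the allow-list.
    """
    tid = str(claims.get("tid", "")).lower()
    expected_iss = f"https://sts.windows.net/{tid}/"
    if not tid or claims.get("iss") != expected_iss:
        raise PermissionError("issuer does not match tenant claim")
    for domain, tenant_id in ONBOARDED_TENANTS.items():
        if tenant_id == tid:
            return domain
    raise PermissionError(f"tenant {tid} is not an onboarded customer")
```

The email domain typed by the user is only a hint; the customer a session belongs to should be taken from the verified `tid` claim, as `tenant_for_claims` does.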