使用Azure Active Directory的多租户应用程序
[英]Multi-Tenant application using Azure Active Directory
问题描述
We want to develop a multi-tenant web application where the tenants could use one or more of the following identity providers: 
我们希望开发一个多租户Web应用程序,其中的租户可以使用以下一个或多个身份提供者:
- Microsoft LiveID(Microsoft Account) Microsoft LiveID(Microsoft帐户)
- Windows Azure Active Directory (WAAD) Windows Azure活动目录(WAAD)
- Office 365 Office 365
- ADFS ADFS
We have evaluated ACS and it works with all the above identity providers. 我们已经对ACS进行了评估,它可与上述所有身份提供者一起使用。 However it is being deprecated in favor of Windows Azure Active Directory. 但是,不建议使用Windows Azure Active Directory。 We looked into Azure AD and it does support creating multi-tenant applications which are backed by Azure AD / Office 365 tenants. 我们研究了Azure AD,它确实支持创建由Azure AD / Office 365租户支持的多租户应用程序。 This helps us to support customers having Azure AD instance or Office 365. 这有助于我们支持具有Azure AD实例或Office 365的客户。
I would like to know whether: 我想知道是否:
- Azure AD supports federation scenarios with ADFS and Microsoft Account as well? Azure AD还通过ADFS和Microsoft帐户支持联合方案吗?
- In case of ADFS, will it also support SSO? 如果是ADFS,是否也支持SSO?
- Does Azure AD support features like Custom Login screen and Home Realm Discovery (HRD) similar to ACS? Azure AD是否支持类似于ACS的自定义登录屏幕和家庭领域发现(HRD)之类的功能?
- Will Azure AD help in supporting tenants who want to use multiple identity providers(eg both Microsoft Account and ADFS)? Azure AD是否可以帮助支持希望使用多个身份提供程序(例如Microsoft帐户和ADFS)的租户?
Also, as per our application requirements, we do not want to store any of tenant/customer user account details in our Azure AD instance. 另外,根据我们的应用程序要求,我们不想在Azure AD实例中存储任何租户/客户用户帐户详细信息。 We would like Azure AD to take care of authentication and SSO with identity providers mentioned above without any need of storing tenant/customer info. 我们希望Azure AD通过上述身份提供者来处理身份验证和SSO,而无需存储租户/客户信息。
1 个解决方案
解决方案1
1 已采纳 2014-11-18 23:01:09
- As of today Azure AD (AAD) can only connect to ADFS when the latter represents the on-premises directory connected to the corresponding AAD tenant. 从今天开始,Azure AD(AAD)仅在ADFS代表连接到相应AAD租户的本地目录时才可以连接到ADFS。 ADFS instances ran by different organizations are not directly supported, though the can be used if they are themselves projected via AAD. 不直接支持由不同组织运行的ADFS实例,但是如果它们本身是通过AAD进行投影的,则可以使用它们。 Microsoft Accounts are supported as guests - if you add one Microsoft Account to your directory, you'll be able to accept it in your applications. 支持以来宾身份使用Microsoft帐户-如果您将一个Microsoft帐户添加到目录中,则可以在应用程序中接受它。
- In case of ADFS: if the constraint above is respected (the ADFS instance is the one connected to AAD) then yes, you'll get SSO 如果是ADFS:如果遵守上述约束(ADFS实例是连接到AAD的实例),那么可以,您将获得SSO
- As of today, it does not. 到今天为止,还没有。 You can however customize specific parts of the authentication page (logo, etc) 但是,您可以自定义身份验证页面的特定部分(徽标等)
- See #1 参见#1
- In case of ADFS: if the constraint above is respected (the ADFS instance is the one connected to AAD) then yes, you'll get SSO
In the case of multitenancy, you don't need to store any info in your AAD. 如果是多租户,则无需在AAD中存储任何信息。 When a user from a new AAD tenant consent to the use of your app, a corresponding entry will appear in their own directory. 当来自新AAD租户的用户同意使用您的应用程序时,相应的条目将出现在他们自己的目录中。 HTH V. HTHV。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.