
Adding Users from one Azure Active Directory to access an application in another Azure Active Directory

I have two Azure Active Directories - AAD1 & AAD2 - both under the same account. I have added a web application to AAD2, so that anyone accessing that web application will be redirected to a single sign-on page. A user from AAD2 - aad2user@aad2.onmicrosoft.com - is able to log in to the web application using his credentials. I now want a user from AAD1 to access the same web application. So, I added that user to AAD2 (as a global administrator). The Azure portal Active Directory page now shows me the list of users for AAD2, which includes the latest user (from AAD1) I have added. Despite this, when I try to log in using the credentials of the AAD1 user I encounter an error saying: "The account xxx@aad1 is not configured to sign-in to this company". Do I need to do anything else in order to allow access from one Azure AD to another Azure AD's application?

I just figured it out. The trick is to make the Web Application in question a multi-tenant application. There is a provision to do that in the Configure tab of Active Directory Extension->Applications in the Windows Azure Portal. A detailed process for creating a multi-tenant web application is given here. Unfortunately, that one is a bit deprecated, and a direct code sample is available here. This is a sample multi-tenant web application which uses OpenID Connect to sign up and sign in users from any Azure Active Directory tenant. I tried it out, followed the instructions, and it works like a charm.

The code essentially uses OAuth2 to serve up a request to provision a web application within different tenants, given the client ID of the web application and the consent of the user of the target tenant. So to summarize: my web application resides in AAD2. And the code in the sample helps me to programmatically provision the web application as an application in the tenant AAD1. So users from AAD1 can directly access the web application by giving their consent to do so. Not only this, but the code also helps me to enable users of any other Windows Azure Active Directory which is not a part of my subscription to log in to the web application. Brilliant!
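The sign-in flow the answer describes, as an added example that is not part of the original answer or of the linked Microsoft sample: a multi-tenant app sends users to the `common` authority, and every Azure AD tenant then issues ID tokens with its own tenant-specific `iss`/`tid`. The security point the answer glosses over with "any other Windows Azure Active Directory ... Brilliant!" is that the application, not Azure AD, decides which tenants are allowed in; if the app accepts any issuer, any Azure AD user in the world can sign in. The code below builds the authorize URL and validates the claims of a (constructed) ID token against an explicit tenant allow-list. It assumes the token's signature has already been verified against Azure AD's published signing keys by the OpenID Connect library (the OWIN middleware does that in the linked sample); the `AUTHORITY_COMMON` and `ISSUER_TEMPLATE` strings reflect the v1 Azure AD endpoint, and all function names and sample values are hypothetical.

```python
import time
import urllib.parse
from typing import Iterable, Mapping, Optional

# Azure AD v1 "common" authority: sign-in works for users of any tenant (assumption: v1 endpoint).
AUTHORITY_COMMON = "https://login.microsoftonline.com/common"
# Issuer format of v1 Azure AD ID tokens; the tenant GUID is substituted in (assumption: v1 endpoint).
ISSUER_TEMPLATE = "https://sts.windows.net/{tid}/"


class TokenRejected(Exception):
    """Raised when an ID token must not be accepted for sign-in."""


def build_authorize_url(client_id: str, redirect_uri: str, state: str, nonce: str,
                        authority: str = AUTHORITY_COMMON) -> str:
    """Authorization request for an OpenID Connect sign-in via the common authority.

    Using 'common' instead of a specific tenant is what lets AAD1 users (and users of
    any other tenant) reach the consent page for an application registered in AAD2.
    """
    params = {
        "client_id": client_id,
        "response_type": "id_token",
        "response_mode": "form_post",
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,   # CSRF protection: bound to the browser session
        "nonce": nonce,   # replay protection: echoed back inside the ID token
    }
    return f"{authority}/oauth2/authorize?{urllib.parse.urlencode(params)}"


def validate_id_token_claims(claims: Mapping[str, object], client_id: str,
                             allowed_tenants: Optional[Iterable[str]],
                             expected_nonce: str, now: Optional[float] = None) -> str:
    """Validate the claims of a signature-verified multi-tenant ID token.

    Returns the tenant ID the token came from. allowed_tenants=None means "accept any
    Azure AD tenant", which is the open-to-the-world behaviour the answer describes;
    pass an explicit allow-list for an app that should only serve AAD1 and AAD2.
    """
    now = time.time() if now is None else now

    if claims.get("aud") != client_id:
        raise TokenRejected("audience mismatch: token was issued for another application")

    tid = claims.get("tid")
    if not isinstance(tid, str) or not tid:
        raise TokenRejected("missing tid claim")

    # With the common authority the issuer is per-tenant, so it cannot be compared
    # against a single fixed string; it must match the tenant named in the token.
    if claims.get("iss") != ISSUER_TEMPLATE.format(tid=tid):
        raise TokenRejected("issuer does not match the token's tenant")

    if allowed_tenants is not None and tid not in set(allowed_tenants):
        raise TokenRejected(f"tenant {tid} is not allowed to sign in to this application")

    if claims.get("nonce") != expected_nonce:
        raise TokenRejected("nonce mismatch: possible replayed token")

    nbf = float(claims.get("nbf", 0))
    exp = float(claims.get("exp", 0))
    if not (nbf <= now < exp):
        raise TokenRejected("token is not yet valid or has expired")

    return tid


# Constructed sample values standing in for AAD2 (home tenant) and AAD1 (guest tenant).
APP_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
AAD2_TID = "aaaaaaaa-0000-0000-0000-000000000002"
AAD1_TID = "aaaaaaaa-0000-0000-0000-000000000001"
OTHER_TID = "ffffffff-0000-0000-0000-00000000ffff"
NONCE = "n-0S6_WzA2Mj"
NOW = 1_700_000_000.0


def sample_claims(tid: str) -> dict:
    """Constructed claim set shaped like a v1 Azure AD ID token (already signature-checked)."""
    return {
        "aud": APP_CLIENT_ID,
        "iss": ISSUER_TEMPLATE.format(tid=tid),
        "tid": tid,
        "upn": f"user@{tid[:8]}.onmicrosoft.com",
        "nonce": NONCE,
        "nbf": NOW - 60,
        "exp": NOW + 3600,
    }


if __name__ == "__main__":
    print(build_authorize_url(APP_CLIENT_ID, "https://app.example/signin-oidc", "st4te", NONCE))
    allowed = {AAD1_TID, AAD2_TID}
    print("AAD1 user accepted from tenant", validate_id_token_claims(sample_claims(AAD1_TID), APP_CLIENT_ID, allowed, NONCE, NOW))
    try:
        validate_id_token_claims(sample_claims(OTHER_TID), APP_CLIENT_ID, allowed, NONCE, NOW)
    except TokenRejected as e:
        print("unknown tenant rejected:", e)
```

The order of checks matters: audience and issuer are verified before the allow-list so that a token minted for a different application, or one whose `iss` and `tid` disagree, is refused regardless of tenant. Dropping the allow-list (`allowed_tenants=None`) reproduces the "any tenant may sign in" behaviour of the sample, which is appropriate for a SaaS product but not for an application that is only meant to be shared between AAD1 and AAD2.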
