I am thinking about developing in general a web application for enterprise. What I am thinking about is the following scenario:
The application should be able to serve multiple customers (called multitenancy?). That means that multiple companies could use the software for their employees.
Each of them could have its own Azure AD, or maybe not. Therefore I would like to know if it is possible to authenticate against multiple/different Azure ADs?
Let's assume that a user types in his email address user1@companyA.com; then I would try to authenticate him against the AD which is configured behind the companyA.com AD. When someone tries to log in with user361@companyB.com, then I would try to authenticate against the Azure AD which is configured for companyB.com.
Is this possible? How could I do this?
That is the exact reason why multi-tenant applications exist. So a user from any Azure AD can sign in to your application.
The way it works is like this:
There are a couple important things to note on your app's side:
https://login.microsoftonline.com/common/oauth2/authorize
instead of the tenant-specific endpoint. More about single vs multi-tenant: http://www.andrewconnell.com/blog/azure-ad-what%E2%80%99s-the-difference-between-single-vs-multi-tenant
Example multi-tenant app (ASP.NET MVC): https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect
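Added example (not part of the original answer or the linked sample): a Python sketch of the sign-in request to the common endpoint quoted above and of the per-tenant check an app needs afterwards, because through /common any Azure AD tenant can issue the token. `ONBOARDED_TENANTS`, both function names, the GUIDs, the client id and the redirect URI are hypothetical, and the ID token's signature, audience and expiry are assumed to have been verified already by a JWT library.

```python
import secrets
from urllib.parse import urlencode

AUTHORIZE_COMMON = "https://login.microsoftonline.com/common/oauth2/authorize"

# Constructed onboarding table: customer name -> Azure AD tenant id (made-up GUIDs).
ONBOARDED_TENANTS = {
    "companyA": "11111111-1111-1111-1111-111111111111",
    "companyB": "22222222-2222-2222-2222-222222222222",
}


def build_sign_in_url(email, client_id, redirect_uri):
    """Return (url, state, nonce) for an OpenID Connect sign-in through /common."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid",
        "redirect_uri": redirect_uri,
        "login_hint": email,  # pre-fills the account name on the sign-in page
        "state": state,       # must be echoed back unchanged with the response
        "nonce": nonce,       # must reappear inside the ID token
    })
    return f"{AUTHORIZE_COMMON}?{query}", state, nonce


def accepted_tenant(claims, expected_nonce):
    """Return the tenant id for claims of an ID token whose signature, audience
    and expiry were already verified; raise PermissionError otherwise."""
    tid = claims.get("tid")
    if tid not in ONBOARDED_TENANTS.values():
        raise PermissionError("tenant is not an onboarded customer")
    # Tokens from the v1 endpoint carry a per-tenant issuer, so there is no
    # single fixed issuer to compare against when signing in through /common.
    if claims.get("iss") != f"https://sts.windows.net/{tid}/":
        raise PermissionError("issuer does not match the tid claim")
    if claims.get("nonce") != expected_nonce:
        raise PermissionError("nonce mismatch")
    return tid
```

The e-mail address typed by the user is only a hint; the tenant the app trusts is the one in the verified `tid` claim.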