
Azure AD B2C Multi-Tenant Architecture

Does Microsoft Azure AD B2C support multi-tenant architecture? The diagram below is our architecture. I have created an Azure AD B2C service called Tenant (Client) and linked it to my subscription account. I have registered the UI and API applications in that tenant. Then I created the user in Tenant as admin. The admin creates the users who access my application. We are planning to implement multi-tenant Azure AD B2C to access a single Angular application (UI).
Example:

I have created an Azure AD B2C service called TenantA (Client A) and linked it to my subscription account. Then I created the user in TenantA as admin. The admin creates the users who access my application. I have registered

I have created an Azure AD B2C service called TenantB (Client B) and linked it to my subscription account. Then I created the user in TenantB as admin. The admin creates the users who access my application.

Users from multiple tenants, Client A (Tenant A) and Client B (Tenant B), should access a single UI application and a single API application.

How can I register the same configuration for both tenants in the UI and API applications?

As per your requirement, you can achieve this by enabling the Azure AD single-tenant application as a multi-tenant application and by setting the endpoint to https://login.microsoftonline.com/common

With this, there is a single application registration/UI/Web API, and users from both tenants can access your application.

Reference link

If you are particularly looking for an Azure AD B2C multi-tenant application, you can refer to this link

You can't; each tenant's API scope will be unique, since it's based on the tenant ID.

You could put all users in the same tenant, or use a library that supports multiple token issuers.

Or if you really need isolation on the identities, you could federate a single B2C "funnel" tenant with multiple customer B2C tenants and use home realm discovery to route the authentication flow for the incoming users. This approach must ensure the email is unique amongst all tenants in scope. The funnel tenant would ask for the user's email, then use a custom policy to call a REST API, which would use the Graph API to look up the email in all the tenants. Once it finds the tenant, it tells the funnel tenant which B2C federation to redirect the user to in order to complete the auth.
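The lookup step of the home realm discovery flow described in the answer above, as an added example that is not part of the original answer: it shows how the REST API can enforce the email-uniqueness requirement by failing closed when an address exists in more than one tenant. The Graph API query is replaced by an in-memory directory, and all tenant names, federation names and addresses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for the users each customer tenant holds.
DIRECTORY = {
    "tenant-a": {"alice@clienta.example", "shared@both.example"},
    "tenant-b": {"bob@clientb.example", "shared@both.example"},
}

# Hypothetical mapping from customer tenant to the federation name that the
# funnel tenant would redirect to.
FEDERATIONS = {"tenant-a": "ClientA-B2C", "tenant-b": "ClientB-B2C"}


@dataclass(frozen=True)
class Discovery:
    status: str                       # "found", "not_found" or "ambiguous"
    federation: Optional[str] = None  # set only when status == "found"


def normalize(email: str) -> str:
    """Compare addresses case-insensitively and without stray whitespace."""
    return email.strip().casefold()


def tenants_holding(email: str, directory=DIRECTORY) -> list:
    """Stand-in for one Graph API user query per customer tenant."""
    wanted = normalize(email)
    return sorted(t for t, users in directory.items()
                  if wanted in {normalize(u) for u in users})


def discover_home_realm(email: str, directory=DIRECTORY) -> Discovery:
    """Return the federation to redirect to, or refuse if it is not unique."""
    if "@" not in email:
        return Discovery("not_found")
    matches = tenants_holding(email, directory)
    if not matches:
        return Discovery("not_found")
    if len(matches) > 1:
        # Uniqueness requirement violated: never guess a tenant, fail closed.
        return Discovery("ambiguous")
    return Discovery("found", FEDERATIONS[matches[0]])
```

The "ambiguous" result is the case the answer warns about: routing such a user to either tenant would let an account in one customer's directory shadow the same address in another's.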
