Microsoft Azure directory with multi-tenant application pattern
Question
I've been searching this for a while now. Does anybody here know how to handle the below case.
I have a SaaS app which requires SSO using Azure directory. I'm able to do it with django-allauth . Now, I need to restrict this to tenants(customers) who have a subscription with us.
To do this, I'm thinking, if I can get the tenantId from Azure directory then I can do a database lookup to see if the customer has a subscription with us. So, does anybody here know how can I accomplish that?
Here is a reference from MS which is not that clear on the how to get tenantId part .
The code from MS for .net for doing what I want to do with django-allauth : MS .NET sample app
1 answers
solution1
0 2020-07-24 13:08:51
I was able to find a solution to the above problem. Whenever the authentication is successful, we get an access token which is a Json Web Token .
Now, if you decode that JWT , you'll get certain claims that come with it. One of the claims by the key tid is the tenantId .
So, in terms of a solution, what I did was this:
- Overrode the
DefaultSocialAccountAdapter - Inside that I overrode the
pre_social_loginand decoded theaccess tokento get thetenantId. - Now, all I needed was a list of
tenantId's to verify against. I'm taking that from the user who has admin access for that company.
Hope this helps someone. I'll be happy to add or clarify the approach more, if needed.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.