1
votes

I would like to develop single sign on for my application and make it available for many organizations which already have their own Azure ADs and their own users in their Azure ADs.

I would like to make my application multi-tenant but I miss some configuration options. For example:

  1. Adding a custom application to my client's Azure AD from [Add an application from a gallery]>[Custom] seems to be broken. There is only the link to the documentation.

  2. Would it be possible for the organizations to customize the application after adding it to their Azure AD? I mean, are they able to change the tile logo and the name of the application for their users?

  3. I guess there would be an option to configure multiple single-tenant applications, one for each of my customers, that would point to the same sign-on URL and redirect URL, but I would like to avoid this option because in this case I would need a separate client ID and secret for each organization.

Kind Regards,

Nikos

2
Please clean up the terminology. AD is on-premises. Azure AD is in the cloud. Which one do you mean? e.g. "Adding a custom application to my client's AD" is actually my "client's Azure AD". In order to do what you want, each client has to have their own Azure AD tenant. Is this the case? Also, why did you add the ADFS tag? ADFS is an on-premises product. - rbrayb
Ok. Everything I write is meant for the cloud. Yes, all the organizations I refer to do have their own tenant. I will rephrase. - NickSar68

2 Answers

1
votes

You are confusing two concepts.

For a multi-tenanted application, all you need to do for your application is to tick the multi-tenant box and configure Azure AD via the "Change Authentication" option in VS (using "Work or School / Organisation"). Typically this uses OpenID Connect / OAuth.

When another organization logs in, Azure AD "switches" so that your application is now running on top of their Azure AD i.e. their tenant. One of their admins has to give a one-time consent to access their data.

Adding an application from the Gallery is where you have a SaaS application and you want to federate that application with Azure AD using SAML. In order to do this, you have to work with Microsoft to sort out all the federation details.

No, it's your application. Other organisations can't customize it. You would have to do this in your application based on the tenant name etc.
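The "switching" this answer describes has a concrete consequence for token validation: a multi-tenant app signs users in through the shared endpoint, so the issuer of each token is the user's own tenant, not one fixed value. The app must therefore derive the expected issuer from the token's `tid` claim, and it should only admit tenants whose admin actually gave the one-time consent. The following is an added example, not code from the question, the answers, or the Microsoft sample; it assumes the token's signature has already been verified with a JWT library against Azure AD's published signing keys, that the app has a single client ID (which also answers point 3 of the question: one registration serves every tenant), and that `ONBOARDED_TENANTS` is the app's own record of consented tenants. The tenant IDs, client ID and claims below are constructed sample values.

```python
"""Tenant-aware claim checks for a multi-tenant Azure AD (OpenID Connect) app.

Added illustration. Assumes the token signature was already verified, so
`claims` is a trusted, decoded payload. Covers both Azure AD issuer formats:
v1.0 tokens use "https://sts.windows.net/{tid}/", v2.0 tokens use
"https://login.microsoftonline.com/{tid}/v2.0".
"""
import time

ISSUER_TEMPLATES = (
    "https://sts.windows.net/{tid}/",
    "https://login.microsoftonline.com/{tid}/v2.0",
)

# Constructed sample values (hypothetical, not real tenants or apps).
CLIENT_ID = "00000000-0000-0000-0000-00000000abcd"
TENANT_A = "11111111-1111-1111-1111-111111111111"   # admin consented
TENANT_B = "22222222-2222-2222-2222-222222222222"   # never onboarded
ONBOARDED_TENANTS = {TENANT_A}
FIXED_NOW = 1_700_000_000

SAMPLE_CLAIMS = {
    "aud": CLIENT_ID,
    "iss": "https://sts.windows.net/" + TENANT_A + "/",
    "tid": TENANT_A,
    "exp": FIXED_NOW + 600,
    "nbf": FIXED_NOW - 60,
    "upn": "user@tenant-a.example",
}


class TokenRejected(Exception):
    """Raised when a token must not be accepted."""


def validate_multitenant_claims(claims, client_id, onboarded_tenants, now=None):
    """Validate tenant-specific claims of a token from the shared endpoint.

    Returns the tenant id the caller should use to scope the session and
    all data access; raises TokenRejected otherwise.
    """
    now = time.time() if now is None else now

    # 1. Audience: the token must be minted for this app's single client id.
    if claims.get("aud") != client_id:
        raise TokenRejected("audience mismatch")

    # 2. Time window.
    if claims.get("exp", 0) <= now:
        raise TokenRejected("token expired")
    if claims.get("nbf", 0) > now:
        raise TokenRejected("token not yet valid")

    # 3. The tenant id claim identifies which organization signed the user in.
    tid = claims.get("tid")
    if not isinstance(tid, str) or not tid:
        raise TokenRejected("missing tid claim")

    # 4. Issuer must be the per-tenant issuer built from tid. A fixed issuer
    #    string would either reject every other tenant or, if wildcarded,
    #    accept tokens whose issuer and tid disagree.
    expected = {t.format(tid=tid) for t in ISSUER_TEMPLATES}
    if claims.get("iss") not in expected:
        raise TokenRejected("issuer does not match tenant in tid claim")

    # 5. Only tenants that completed the one-time consent are let in; any
    #    Azure AD tenant can otherwise obtain a token for a multi-tenant app.
    if tid not in onboarded_tenants:
        raise TokenRejected("tenant not onboarded")

    return tid


def is_accepted(claims, client_id=CLIENT_ID, onboarded=ONBOARDED_TENANTS, now=FIXED_NOW):
    """Convenience wrapper: True if the claims pass, False if rejected."""
    try:
        validate_multitenant_claims(claims, client_id, onboarded, now=now)
        return True
    except TokenRejected:
        return False


if __name__ == "__main__":
    print("tenant:", validate_multitenant_claims(SAMPLE_CLAIMS, CLIENT_ID,
                                                 ONBOARDED_TENANTS, now=FIXED_NOW))
```

Once `tid` is returned, every subsequent data lookup should be keyed by it; that is also the hook for the per-tenant branding this answer mentions (your app picks the logo and display name by tenant, since the registration itself is shared).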

0
votes

Here is a sample for a multi-tenant Azure AD app: https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapp-multitenant-openidconnect/

I don't think #2 is possible unless you set it up as a single tenant app for each organization.