
I am in the process of developing a web app which I want to be able to offer to multiple tenants. My approach is to use Azure Active Directory Federated Services for SSO user authentication and authorisation. The app also needs to be able to keep track of members for each of the tenants and allow them to log in to view details about their membership. Since these members are not part of the tenant, it does not make sense for them to be added to AAD for each and I want to store their login details in a table in the SQL Server, which the app then queries during login.

Is it possible to use AAD for tenant SSO and Individual User Login for tenant members to logon? If so, can this be done through a single login mechanism, or will it be necessary to provide, say, separate tenantLoginSSO and memberLogin functionality?

And, possibly eliciting too much opinion, but is this the right approach, or would an AAD-B2C implementation be a better option?

1
Just to clarify - why do you want to separate tenant and member login? And how can a member be not a part of a tenant? – mikalai

I want various tenants to be able to log in (using SSO) with their organisation's credentials to carry out various management tasks. Each org has a bunch of ad-hoc volunteers who need to log in to view various details but do not have access to the rest of the org's apps. Unless I can register these ad-hoc users in the tenant's AAD, then I figured I'd need a separate login? – Ashley Bye
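One way to run both logins in a single app, as an added example that is not from the question or the answer: ASP.NET Core keeps them as two cookie schemes, Azure AD OpenID Connect for tenant staff and a local login against the members table for volunteers, with authorization policies deciding which scheme a page accepts. Assumed (not on the page): ASP.NET Core 8 minimal hosting, the Microsoft.AspNetCore.Authentication.OpenIdConnect and Microsoft.AspNetCore.Identity packages, a hypothetical IMemberStore over the members table, and member passwords stored as PasswordHasher hashes rather than plaintext.

```csharp
// Added example; IMemberStore, Member and MemberLogin are hypothetical names.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Issuers of onboarded tenants; any other Azure AD tenant is rejected at token validation.
var allowedIssuers = (builder.Configuration.GetSection("AllowedTenantIds").Get<string[]>() ?? [])
    .Select(tid => $"https://login.microsoftonline.com/{tid}/v2.0").ToHashSet();

builder.Services.AddAuthentication()
    // Tenant staff: Azure AD SSO via OpenID Connect, session held in its own cookie.
    .AddCookie("TenantCookie")
    .AddOpenIdConnect("AzureAd", o =>
    {
        o.SignInScheme = "TenantCookie";
        o.Authority = "https://login.microsoftonline.com/common/v2.0"; // multi-tenant endpoint
        o.ClientId = builder.Configuration["AzureAd:ClientId"];
        o.ClientSecret = builder.Configuration["AzureAd:ClientSecret"];
        o.ResponseType = "code";
        // With /common the issuer differs per tenant, so the default issuer check cannot
        // be used; without an explicit check any Azure AD tenant could sign in here.
        o.TokenValidationParameters.IssuerValidator = (issuer, _, _) =>
            allowedIssuers.Contains(issuer) ? issuer
                : throw new SecurityTokenInvalidIssuerException($"Unknown tenant issuer {issuer}");
    })
    // Volunteers: local accounts from the SQL members table, held in a separate cookie.
    .AddCookie("MemberCookie", o => o.LoginPath = "/member/login");

builder.Services.AddAuthorization(o =>
{
    o.AddPolicy("TenantStaff", p => p.AddAuthenticationSchemes("TenantCookie").RequireAuthenticatedUser());
    o.AddPolicy("Member", p => p.AddAuthenticationSchemes("MemberCookie").RequireAuthenticatedUser());
});
var app = builder.Build(); // .NET 7+ adds the auth middleware automatically

// Member login: verify the stored PBKDF2 hash with PasswordHasher, then issue the member cookie.
app.MapPost("/member/login", async (HttpContext ctx, MemberLogin req, IMemberStore store) =>
{
    var m = await store.FindAsync(req.TenantId, req.Email);
    if (m is null || new PasswordHasher<Member>().VerifyHashedPassword(m, m.PasswordHash, req.Password)
            == PasswordVerificationResult.Failed)
        return Results.Unauthorized(); // identical response whether or not the member exists
    var id = new ClaimsIdentity("MemberCookie");
    id.AddClaim(new Claim(ClaimTypes.NameIdentifier, m.Id));
    id.AddClaim(new Claim("tid", m.TenantId)); // scope every later query to this tenant
    await ctx.SignInAsync("MemberCookie", new ClaimsPrincipal(id));
    return Results.Ok();
});
app.Run();

record Member(string Id, string TenantId, string PasswordHash);
record MemberLogin(string TenantId, string Email, string Password);
interface IMemberStore { Task<Member?> FindAsync(string tenantId, string email); } // hypothetical
```

Pages for staff use `.RequireAuthorization("TenantStaff")` and pages for volunteers `.RequireAuthorization("Member")`, so a member cookie never satisfies a staff policy even though both live in one app.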

1 Answer


I think creating and configuring an Azure AD B2C directory is a better solution for you in your scenario. It supports users logging in via their existing social accounts (Facebook, Google, LinkedIn, Amazon).

It is also possible to migrate the existing user credentials from your internal database to Azure AD B2C.

You can find more info about how to create an Azure AD B2C directory and register your application here.