I am in the process of developing a web app that I want to be able to offer to multiple tenants. My approach is to use Azure Active Directory Federated Services for SSO user authentication and authorisation. The app also needs to be able to keep track of members for each of the tenants and allow them to log in to view details about their membership. Since these members are not part of the tenant, it does not make sense for them to be added to AAD for each one, and I want to store their login details in a table in SQL Server, which the app then queries during login.
Is it possible to use AAD for tenant SSO and individual user login for tenant members to log on? If so, can this be done through a single login mechanism, or will it be necessary to provide, say, separate tenantLoginSSO and memberLogin functionality?
And, possibly eliciting too much opinion, but is this the right approach, or would an AAD-B2C implementation be a better option?
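The "single login mechanism" the question asks about is usually built as a home-realm discovery step: the login form takes only an identifier, the app decides from it whether the user belongs to a federated tenant (and is redirected to AAD) or is a locally stored member (and is asked for a password). The sketch below is an added illustration of that dispatch, not code from the question or from Microsoft; the tenant mapping, the member table, the `route_login` function and the `LoginDecision` type are all hypothetical, and the sample data is constructed for the example.

```python
"""Home-realm discovery login dispatcher (added example, hypothetical design).

Assumptions: each SSO tenant is known by the e-mail domain it owns, members
who are not tenant users are stored locally with a salted PBKDF2 hash, and
the two populations never share a domain (see the note after the code).
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Work factor for the locally stored member passwords. Kept moderate so the
# example runs quickly; raise it for production use.
PBKDF2_ITERATIONS = 210_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password; a fresh random salt if none given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


# Constructed sample data: domain -> tenant identifier used for the AAD redirect.
# In a real app this comes from the tenant table, not a literal.
TENANTS: Dict[str, str] = {
    "contoso.example": "tenant-contoso",
}

# Constructed sample data: member e-mail -> (salt, digest), i.e. the SQL table.
MEMBERS: Dict[str, Tuple[bytes, bytes]] = {
    "bob@member.example": hash_password("correct horse battery staple"),
}

# A throwaway hash that is verified when the e-mail is unknown, so that a
# lookup miss costs the same time as a lookup hit (limits user enumeration).
_DUMMY_SALT, _DUMMY_DIGEST = hash_password(secrets.token_hex(16))


@dataclass
class LoginDecision:
    kind: str    # "federated" | "local" | "rejected"
    detail: str  # tenant id, "password-required", "authenticated" or a reason


def route_login(email: str, password: Optional[str] = None) -> LoginDecision:
    """Decide how a login attempt for `email` should proceed.

    Federated domains are always sent to AAD; the local password path is only
    reachable for addresses whose domain is not a registered tenant.
    """
    email = email.strip().lower()
    if "@" not in email:
        return LoginDecision("rejected", "malformed identifier")
    domain = email.rsplit("@", 1)[1]

    tenant_id = TENANTS.get(domain)
    if tenant_id is not None:
        # The app only redirects here; AAD performs the authentication and the
        # app must still check the issuer/tenant claim on the returned token.
        return LoginDecision("federated", tenant_id)

    if password is None:
        # Second step of the form: ask the member for their password.
        return LoginDecision("local", "password-required")

    record = MEMBERS.get(email)
    salt, stored_digest = record if record is not None else (_DUMMY_SALT, _DUMMY_DIGEST)
    _, candidate = hash_password(password, salt)
    # Constant-time comparison; the dummy path deliberately falls through to
    # the same rejection message as a wrong password.
    if record is not None and hmac.compare_digest(candidate, stored_digest):
        return LoginDecision("local", "authenticated")
    return LoginDecision("rejected", "invalid credentials")


if __name__ == "__main__":
    print(route_login("alice@contoso.example"))
    print(route_login("bob@member.example", "correct horse battery staple"))
    print(route_login("bob@member.example", "wrong"))
```

The ordering matters: the tenant-domain check runs before the member table is consulted, so a member record created with an address at a tenant's domain can never shadow that tenant's SSO. The reverse guard is also needed when the AAD callback arrives: the app should map the token's tenant claim back to the tenant record rather than trusting the e-mail the user typed, otherwise the home-realm step becomes the place where a tenant's identity is chosen by the client.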