0
votes

I am not entirely sure about what guest users in Azure can do.

As I understand it, guest users gain access to my Azure portal if I allow them. But is there any possibility to authenticate guest users in my application using the ADAL library? Or is the ADAL library looking for a created Microsoft Azure user? I would like the authentication to take place in my .NET-based server. I looked at this guide:

https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-asp-webapp

and it says:

"At the end of this guide, your application will be able to accept sign-ins of personal accounts (including outlook.com, live.com, and others) as well as work and school accounts from any company or organization that has integrated with Azure Active Directory."

How can I enable my guest users to access it as well?

Thanks!

2
First you have to define: is your application's audience B2C or B2B? - Anass Kartit

2 Answers

1
votes

How can I enable my guest users to access it as well?

The first step is to have these external users added to your Azure AD. An arbitrary user will not be able to sign in to your application.

Next, in your requests for authentication/authorization, you will need to use your tenant endpoint, i.e. yourazureadname.onmicrosoft.com, instead of the common endpoint.

In step 9 of the link you shared, you would need to change the value of the Tenant configuration setting:

<add key="Tenant" value="yourazureadname.onmicrosoft.com" />
<add key="Authority" value="https://login.microsoftonline.com/{0}/v2.0" />
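The OWIN startup code that consumes these two settings, as an added example that is not part of the original answer or copied from the linked guide. It builds the tenant-specific authority and turns issuer validation on, so only tokens issued by your own directory (members and invited guests) are accepted. Assumptions: the OWIN OpenID Connect middleware packages the guide installs, `ClientId` and `redirectUri` appSettings keys, and a hypothetical `/Error` page.

```csharp
// Added example. Assumed: appSettings keys "ClientId" and "redirectUri" (not shown on
// this page) and a hypothetical "/Error" route; "Tenant" and "Authority" are as above.
using System.Configuration;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    static readonly string clientId = ConfigurationManager.AppSettings["ClientId"];
    static readonly string redirectUri = ConfigurationManager.AppSettings["redirectUri"];
    static readonly string tenant = ConfigurationManager.AppSettings["Tenant"];
    // Resolves to https://login.microsoftonline.com/yourazureadname.onmicrosoft.com/v2.0
    static readonly string authority = string.Format(CultureInfo.InvariantCulture,
        ConfigurationManager.AppSettings["Authority"], tenant);

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            ResponseType = OpenIdConnectResponseType.IdToken,
            // With a tenant-specific authority the expected issuer comes from that tenant's
            // metadata, so tokens issued by any other directory are rejected.
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true },
            Notifications = new OpenIdConnectAuthenticationNotifications { AuthenticationFailed = OnAuthenticationFailed }
        });
    }

    private static Task OnAuthenticationFailed(
        AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();               // stop the middleware from rethrowing
        context.Response.Redirect("/Error");    // hypothetical page; do not echo exception text
        return Task.FromResult(0);
    }
}
```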

0
votes

There are two main questions regarding the architecture of your application and your audience or users, as described here:

https://docs.microsoft.com/en-us/azure/active-directory/develop/azure-ad-endpoint-comparison


If your application is targeting people with personal emails (Outlook, Gmail), you should think of B2C authentication.

If you're targeting companies that have Azure AD, then you have a B2B scenario.

You can find a comparison here:

https://docs.microsoft.com/en-us/azure/active-directory/b2b/compare-with-b2c

If you are using the AAD v2 endpoint, you have to use the Microsoft Authentication Library (MSAL), which is designed to work with the Azure AD v2.0 endpoint.

https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries

Azure guest users are external users to your AAD subscription. Guest users from other tenants can be invited by administrators or by other users. This capability also applies to social identities such as Microsoft accounts, which can be more of a security issue or hard to manage for some organizations.

https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews