0
votes

Does Microsoft Azure AD B2C support multi-tenant architecture? The diagram below is our architecture. I have created an Azure AD B2C service called Tenant (Client) and linked it to my subscription account. I have registered the UI and API applications in that tenant. Then I created the user in the tenant as admin. The admin creates the users to access my application. We are planning to implement multi-tenant Azure AD B2C to access a single Angular application (UI). From Angular(UI) based on Azure AD B2C con
Example:

I have created an Azure AD B2C service called TenantA (Client A) and linked it to my subscription account. Then I created the user in TenantA as admin. The admin creates the users to access my application. I have registered

I have created an Azure AD B2C service called TenantB (Client B) and linked it to my subscription account. Then I created the user in TenantB as admin. The admin creates the users to access my application.

Users from multiple tenants, Client A (Tenant A) and Client B (Tenant B), should access a single UI application and a single API application.

How can I register the same configuration for both tenants in the UI and API applications?

2
Hi, if any of the posted answers resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions. Raghavendra beldona

2 Answers

0
votes

As per your requirement, you can achieve this by changing the Azure AD single-tenant application to a multi-tenant application and by setting the endpoint to https://login.microsoftonline.com/common

With this there will be a single application registration/UI/WebAPI, and users from both tenants can access your application.

Reference link

If you are particularly looking for an Azure AD B2C multi-tenant application, you can refer to this link

0
votes

You can’t; each tenant’s API scope will be unique, since it’s based on the tenant ID.

You could put all users in the same tenant, or use a library that supports multiple token issuers.

Or, if you really need isolation on the identities, you could federate a single B2C “funnel” tenant with multiple customer B2C tenants and use home realm discovery to route the authentication flow for the incoming users. This approach must ensure the email is unique amongst all tenants in scope. The funnel tenant would ask for the user’s email and use a custom policy to call a REST API, which would use the Graph API to look up the email in all the tenants. Once it finds the tenant, it tells the funnel tenant which B2C federation to redirect the user to in order to complete the auth.
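
One way an API can accept tokens from more than one tenant, as the "multiple token issuers" option in the answer above suggests. This is an added example, not code from the thread; the issuer URLs, audiences and locally generated keys are constructed stand-ins for each tenant's real metadata and signing keys.

```javascript
// Added example; tenant names, issuer URLs and audiences are constructed.
const crypto = require('node:crypto');

// Stand-in for one tenant: in production the public key comes from that
// tenant's published signing keys (JWKS), and no private key is held here.
function makeTenant(issuer, audience) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { issuer, audience, publicKey, privateKey };
}
const tenantA = makeTenant('https://tenant-a.example/v2.0/', 'api-app-id-a');
const tenantB = makeTenant('https://tenant-b.example/v2.0/', 'api-app-id-b');
const rogue = makeTenant('https://rogue.example/v2.0/', 'api-app-id-a');

// Explicit allowlist keyed by the exact issuer string.
const TRUSTED = new Map([tenantA, tenantB].map((t) => [t.issuer, t]));

// Demo helper: mint an RS256 JWT the way a tenant would.
function signToken(tenant, claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), tenant.privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

function validate(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
  const header = dec(head);
  const claims = dec(body);
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // The unverified iss claim only selects which trusted config to check against.
  const tenant = TRUSTED.get(claims.iss);
  if (!tenant) throw new Error('untrusted issuer');
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    tenant.publicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Audience is checked against the matched tenant only, never "any known".
  if (claims.aud !== tenant.audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return { tenant: tenant.issuer, sub: claims.sub };
}
```

The returned `tenant` value is what the API should use to scope data access, so a user from one customer tenant cannot read another tenant's records.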