0
votes

I have a multi-tenant Azure AD app to which users from multiple tenants will sign in and get access tokens for themselves. These tokens will be passed to my web app. I'm trying to figure out how to uniquely identify a user. Within the same tenant, object ID is a unique identifier. But when users from multiple tenants are accessing my app, how do I uniquely identify them? Will I get the home tenant ID of the user in the access token?


1 Answer

2
votes

We can uniquely identify the users from different tenants using their alias name such as User Principal Name, or the user's object ID.

In Azure AD, UPN is the User Principal Name. It is always in a format which looks like an email address. Essentially it has 3 parts: the user account name, the separator (i.e. the @ symbol) and the UPN suffix or domain name. Its primary purpose is to be used during authentication, and it represents the user's identity.

Example: Tailspin sells subscriptions to its SaaS application. Contoso and Fabrikam sign up for the app. When Alice (alice@contoso) signs in, the application should know that Alice is part of Contoso.

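As an added example (not part of the question or the answer above), the following Python builds a cross-tenant user key from the `tid` (tenant ID) and `oid` (object ID) claims that Azure AD puts in its tokens, rather than from the UPN. The object ID is only unique within its home tenant, so the pair `tid:oid` is what the web app should store as the user's identity; the UPN is shown alongside only for display. The tokens below are constructed, unsigned sample tokens (`alg: none`, placeholder GUIDs) so the snippet runs offline; a real web app must validate the token's signature, issuer and audience with a JWT library before trusting any claim in it.

```python
import base64
import json

# Constructed placeholder tenant and object IDs (not real Azure AD values).
CONTOSO_TID = "11111111-1111-1111-1111-111111111111"
FABRIKAM_TID = "22222222-2222-2222-2222-222222222222"
ALICE_OID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
BOB_OID = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_token(claims: dict) -> str:
    """Build an UNSIGNED compact JWT for demonstration only (constructed input)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT.

    This only parses; it performs NO signature/issuer/audience validation.
    In a real app, run the token through a validating JWT library first and
    only then read claims from the validated result.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def user_key(claims: dict) -> str:
    """Cross-tenant unique identity: home tenant ID plus object ID.

    'oid' alone is only unique inside one tenant, so it is qualified with
    'tid'. The UPN is deliberately not used as the key: it is a human-readable
    alias that can be renamed, whereas tid/oid are stable identifiers.
    """
    tid = claims.get("tid")
    oid = claims.get("oid")
    if not tid or not oid:
        raise ValueError("token is missing the 'tid' or 'oid' claim")
    return f"{tid}:{oid}"


def display_name(claims: dict) -> str:
    """Human-readable label for UI/logging only, never for identity lookups."""
    return claims.get("preferred_username") or claims.get("upn") or "(unknown)"


# Constructed sample tokens for two users from two different tenants.
ALICE_TOKEN = make_sample_token(
    {"tid": CONTOSO_TID, "oid": ALICE_OID, "upn": "alice@contoso.example"}
)
BOB_TOKEN = make_sample_token(
    {"tid": FABRIKAM_TID, "oid": BOB_OID, "preferred_username": "bob@fabrikam.example"}
)


def index_users(tokens: list) -> dict:
    """Map each token's stable user key to its display alias."""
    return {user_key(c): display_name(c) for c in map(decode_claims, tokens)}


if __name__ == "__main__":
    for key, alias in index_users([ALICE_TOKEN, BOB_TOKEN]).items():
        tenant, _ = key.split(":", 1)
        print(f"{alias:<28} tenant={tenant} key={key}")
```

Because `tid` identifies the home tenant, the same lookup also tells the app which customer (Contoso or Fabrikam, in the answer's example) a signed-in user belongs to, without parsing the domain suffix out of the UPN.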