0
votes

We are developing a SaaS to analyze customers' data within Office 365 via the Graph API and application permissions.

I'm trying to understand the best (and most automated) flow for onboarding the customers. Ideally, the Azure Global Administrator logs in to our web app using Microsoft Identity and gives consent to create an account (app registration or enterprise application) with the relevant application permissions. With these permissions our SaaS has access to analyse data.

As of right now, I'm only able to solve this through a manual procedure of making the App Registration together with the customer on their Azure tenant, which gives me the Client ID, Tenant ID and Secret for our SaaS to authenticate with. I'm assuming something more fancy is possible :)

Also, I was hoping for a method which involved a multi-tenant registration, if that somehow enables reuse of a single app registration or Enterprise application (e.g. in our own Azure tenant) across multiple tenants (customers).

1 Answer

1
votes

According to your description, you want to use a single application registration or enterprise application across multiple tenants. In that case you only need to change the application to a multi-tenant application, because changing the application to a multi-tenant application allows any tenant to log in.

Next, you need to request the consent of the administrators of the other organizations' tenants. You can send the login request URL: https://login.microsoftonline.com/{Other company tenant_id}/adminconsent?client_id={client-id}. After the administrator consents, it will be added to the other organization's tenant as an enterprise application.
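
The onboarding flow from the answer above, as an added example that is not part of the original post. It goes slightly beyond the answer by adding the `state` and `redirect_uri` parameters of the admin consent endpoint, validating the redirect that comes back, and preparing the client-credentials token request for the consenting tenant. `CLIENT_ID` is a placeholder, and `REDIRECT_URI`, the `session` dict and the function names are assumptions.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder: the multi-tenant app's client ID
REDIRECT_URI = "https://saas.example.com/onboard/callback"  # hypothetical; must be registered on the app
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_admin_consent_url(tenant, session):
    """Return the URL the customer's admin opens; keeps a one-time state in the session."""
    session["consent_state"] = secrets.token_urlsafe(32)
    query = urlencode({"client_id": CLIENT_ID, "state": session["consent_state"],
                       "redirect_uri": REDIRECT_URI})
    return f"{AUTHORITY}/{tenant}/adminconsent?{query}"


def handle_consent_callback(callback_url, session):
    """Validate the redirect and return the consenting tenant ID, or raise ValueError."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    expected = session.pop("consent_state", None)  # single use: a replayed callback fails
    received = params.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in params:
        raise ValueError(f"consent failed: {params['error']}")
    tenant = params.get("tenant", "")
    if params.get("admin_consent", "").lower() != "true" or not GUID.match(tenant):
        raise ValueError("consent not granted or tenant ID malformed")
    return tenant.lower()  # store this per customer; no per-tenant secret is needed


def token_request(tenant, client_secret):
    """Return (url, form) for the client-credentials token request in that tenant."""
    form = {"grant_type": "client_credentials", "client_id": CLIENT_ID,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", form
```

The tenant ID returned by the callback is the only per-customer value to store; the client ID and secret stay those of the single registration in your own tenant.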