Hi!
I need some help and guidance with regard to integrating a multi-tenant application with Azure. We have a custom application that we built for our customers, and we wanted only a specific tenant to be able to access the application. How can we restrict it so that only the customer's tenant can access the application?
We configured a non-gallery application in tenant A (the customer's tenant) and registered our application in tenant B (our tenant) using the App Registration settings. But tenant C can access the application of tenant B; this is where I’m stuck.
Hoping for your help.
Best Regards,
Anj
Hi Anj,
Did you try the tenant restrictions options? Check out the link here.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions
If you will be distributing the app to multiple tenants, then I would strongly recommend building a licensing module within your application.
Multi-tenant applications can also get access tokens to call APIs that are protected by Azure AD. A common error when using the Active Directory Authentication Library (ADAL) with a multi-tenant application is to initially request a token for a user using /common, receive a response, then request a subsequent token for that same user also using /common. Because the response from Azure AD comes from a tenant, not /common, ADAL caches the token as being from the tenant. The subsequent call to /common to get an access token for the user misses the cache entry, and the user is prompted to sign in again. To avoid missing the cache, make sure subsequent calls for an already signed in user are made to the tenant’s endpoint.
Apps4Rent | CloudDesktopOnline
Hi Chanakya,
Thanks for the help. We just found out that in this code below, we can filter out or add the tenant in the IssuerValidator.
https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect
Thanks!
Anj 🙂
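
The tenant filter mentioned in the last reply, as an added example (not part of the thread and not code from the linked sample): an `IssuerValidator` delegate that accepts tokens only from allow-listed tenants. It assumes the `Microsoft.IdentityModel.Tokens` package; the class name `TenantAllowList` and the tenant ID are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;

public static class TenantAllowList
{
    // Constructed placeholder; replace with the customer tenant's directory ID.
    private static readonly string[] AllowedTenantIds =
    {
        "11111111-1111-1111-1111-111111111111",
    };

    // Exact issuer strings Azure AD emits for each allowed tenant (v1 and v2 endpoints).
    private static readonly HashSet<string> AllowedIssuers = BuildIssuers(AllowedTenantIds);

    private static HashSet<string> BuildIssuers(IEnumerable<string> tenantIds)
    {
        var issuers = new HashSet<string>(StringComparer.Ordinal);
        foreach (var id in tenantIds)
        {
            var tid = id.ToLowerInvariant();
            issuers.Add($"https://sts.windows.net/{tid}/");
            issuers.Add($"https://login.microsoftonline.com/{tid}/v2.0");
        }
        return issuers;
    }

    // Signature matches the Microsoft.IdentityModel.Tokens.IssuerValidator delegate.
    public static string ValidateIssuer(string issuer, SecurityToken token,
                                        TokenValidationParameters parameters)
    {
        // Whole-string comparison: a prefix or substring check would let a
        // look-alike issuer value through.
        if (!string.IsNullOrEmpty(issuer) && AllowedIssuers.Contains(issuer))
            return issuer;

        throw new SecurityTokenInvalidIssuerException(
            $"Issuer '{issuer}' is not an allowed tenant.");
    }

    // Parameters to assign to the OpenID Connect middleware options.
    public static TokenValidationParameters Create() => new TokenValidationParameters
    {
        ValidateIssuer = true,
        IssuerValidator = ValidateIssuer,
    };
}
```

The delegate only replaces the issuer check; signature, audience and lifetime validation still run as configured, so a token from tenant C fails here even though it is correctly signed by Azure AD.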