Adding Users from one Azure Active Directory to access an application in another Azure Active Directory

I just figured it out. The trick is to make the Web Application in question a multi-tenant application. There is a provision to do that in the Configure tab of Active Directory Extension->Applications in the Windows Azure Portal. A detailed process for creating a multi-tenant web application is given here. Unfortunately, that one is a bit deprecated and a direct code sample is available here. This is a sample multi-tenant web application which uses OpenID Connect to sign up and sign in users from any Azure Active Directory tenant. I tried it out, followed the instructions and it works like a charm.

The code essentially uses OAuth2 to serve up a request to provision a web application within different tenants given the clientid of the web application and the consent by the user of the target tenant. So to summarize - my web application resides in AAD2. And the code in the sample helps me to programmatically provision the web application as an application in the tenant in AAD1. So users with AAD1 can directly access the web application by giving consent to do the same. Not only this, but the code also helps me to enable access to users of any other Windows Azure Active Directory which is not a part of my subscription to log in to the web application. Brilliant!
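The answer above opens sign-in to any Azure AD tenant. As an added example (not part of the original answer or the sample it links to), the Python below builds the OpenID Connect request for the tenant-independent `common` endpoint and then limits accepted ID tokens to an allow list of tenants. It assumes the v2.0 endpoints and that a JWT library has already verified the token's signature and expiry; the tenant IDs, client ID and function names are constructed placeholders.

```python
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Constructed placeholder tenant IDs standing in for AAD1 and AAD2.
ALLOWED_TENANTS = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
}


def build_sign_in_url(client_id, redirect_uri, state, nonce):
    """OpenID Connect request to the tenant-independent 'common' endpoint."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "state": state,   # CSRF protection, checked when the response arrives
        "nonce": nonce,   # replay protection, echoed back inside the ID token
    })
    return f"{AUTHORITY}/common/oauth2/v2.0/authorize?{query}"


def check_tenant(claims, client_id, expected_nonce, allowed=ALLOWED_TENANTS):
    """Authorize the tenant of an ID token whose signature and expiry
    were already verified. Returns the tenant ID or raises PermissionError."""
    tid = str(claims.get("tid", "")).lower()
    if tid not in allowed:
        raise PermissionError(f"tenant {tid!r} is not onboarded")
    # With 'common' there is no single fixed issuer, so rebuild the expected
    # issuer from the tenant ID and require an exact match.
    if claims.get("iss") != f"{AUTHORITY}/{tid}/v2.0":
        raise PermissionError("issuer does not match tenant ID")
    if claims.get("aud") != client_id:
        raise PermissionError("token was issued for a different application")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise PermissionError("nonce mismatch")
    return tid
```

If the application really is meant to accept every tenant, drop only the allow-list test and keep the issuer, audience and nonce checks.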
