
Azure AD and multi-tenant authentication

Hi, I'm working on a REST service and a desktop application. I'm thinking about authentication. My app will be for small companies. I assume that one client will have 1-5 users. My first thought was "let's use Azure AD B2B", but after a few hours of research I have doubts whether this would be a good approach. 90% of those companies would not have their own Azure AD, and creating a domain for one user for them on my own would be over-engineering.

So, what is an optimal way to implement multi-tenant authentication using trusted services? I would like to avoid using hand-made authentication because of security concerns. Maybe someone has done something similar using standard Azure AD (no B2B)?

Best regards,
Łukasz


    In your case, you only need to use Azure AD as an Identity Provider, so I think your customers do not need to have their own Azure AD.
    Check out Marius' blog https://mrochon.azurewebsites.net/2017/07/27/developing-an-azure-ad-b2c-multi-tenant-application/ to see if it fits your requirements.


      @cct thank you for the answer. Well, the article under that link is about Azure AD B2C - if I understand it right, the B2C version is about allowing social media profiles as authentication in the application. In my case this approach is not valid. I need something like:
      CompanyA signs up in my app. CompanyA by default has one user. CompanyB signs up and has a default user and JohnB. Administrators of those companies can add users, and they log in by username and password - there is no requirement to use Gmail, Facebook or Twitter accounts.

      Definitely I need to make some POC around Azure AD. I think I will need standard Azure AD with some tweaking around user names, which will be somehow connected with the tenant (username concatenated with the tenant?).

      Probably I will stay for now with a simple handmade JWT implementation, and after a few signups I will improve this part of the application.

      It's funny how complicated multi-tenant is - from the data perspective I chose the strategy of one database, one schema per tenant, and I thought the most difficult part was done, but now providing modern, secure authentication seems more complicated.
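Added example, not code from the thread: a minimal tenant-bound JWT issuer and verifier in Python (standard library only) showing the safer alternative to concatenating the tenant into the username, namely carrying the tenant as its own claim and checking it against the tenant of every request. The key, claim names and sample values are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed, illustrative signing key; a real service loads this from a secret store.
SECRET_KEY = b"constructed-demo-key-do-not-use"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(tenant_id: str, username: str, role: str, ttl_s: int = 3600, now=None) -> str:
    """Sign an HS256 JWT whose tenant is a separate claim (tid), not part of the username."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": username, "tid": tenant_id, "role": role, "iat": now, "exp": now + ttl_s}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, expected_tenant: str, now=None) -> dict:
    """Check algorithm, signature, expiry and tenant; raise ValueError on any failure,
    so a CompanyA token is rejected when presented against CompanyB's resources."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":  # refuse "none" and any algorithm we did not issue
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(SECRET_KEY, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s64)):  # constant-time compare
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p64))
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    if payload.get("tid") != expected_tenant:  # tenant is checked on every request
        raise ValueError("tenant mismatch")
    return payload
```

The tenant check belongs in the request handler that resolves which schema to use, so the schema is always derived from the verified claim and never from client-supplied input.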
