Azure AD and multi-tenant authentication

Hi, I'm working on a REST service and a desktop application. I'm thinking about authentication. My app will be for small companies. I assume that one client will have 1-5 users. My first thought was "let's use Azure AD B2B", but after a few hours of research I have doubts whether this would be a good approach. In 90% of cases those companies would not have their own Azure AD, and creating a domain for them on my own for one user would be over-engineering.

So, what is an optimal way to implement multi-tenant authentication using trusted services? I would like to avoid hand-made authentication because of security concerns. Maybe someone has done something similar using standard Azure AD (no B2B)?

Best regards,

  1. 1

    In your case, you only need to use Azure AD as an Identity Provider, so I think your customers do not need to have their own Azure AD.
    Check out Marius' blog https://mrochon.azurewebsites.net/2017/07/27/developing-an-azure-ad-b2c-multi-tenant-application/ to see if it fits your requirements.

    1. 1

      @cct thank you for the answer. Well, the article under the link is about Azure AD B2C - if I understand it right, the B2C version is about allowing social media profiles as authentication in the application. In my case this approach is not valid. I need something like:
      CompanyA signs up in my app. CompanyA by default has one user. CompanyB signs up and has a default user and JohnB. Administrators of those companies can add users, and they log in by username and password - there is no requirement to use Gmail, Facebook or Twitter accounts.

      Definitely I need to make some POC around Azure AD. I think I will need standard Azure AD with some tweaking around user names, which will be somehow connected with the tenant (username concatenated with the tenant?).

      Probably I will stay for now with a simple hand-made JWT implementation and after a few signups I will improve this part of the application.

      It's funny how complicated multi-tenant is - from the data perspective I chose the strategy of one database, schema per tenant, and I thought the most difficult part was done, but now providing modern, secure authentication seems more complicated.
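Both replies above turn on the same point: with a single identity provider in front of many small customers, the REST service has to tie every token to a tenant and refuse tokens whose tenant does not match the data (schema) being accessed. The example below is added here and is not code from this thread, from Azure AD, or from the linked blog. It uses a constructed HS256 shared secret and constructed tenant ids, issuer and audience so it runs offline; a real identity provider such as Azure AD signs tokens with RS256 and publishes its keys via a JWKS endpoint, and the tenant claim there is `tid`, which is the name reused below. The checks it performs (algorithm pinning, signature, issuer, audience, expiry, tenant registered, tenant matches the request) are the ones a hand-rolled JWT layer most often forgets.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions, not values from the thread).
ISSUER = "https://login.example.test/"      # assumed issuer URL
AUDIENCE = "api://my-rest-service"          # assumed audience of the REST service
SECRET = b"constructed-demo-hmac-key"       # demo HS256 key; a real IdP uses RS256 + JWKS
# Registered tenants: tenant id (tid claim) -> database schema for that tenant.
TENANTS = {"tenant-a-0001": "company_a", "tenant-b-0002": "company_b"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, tid: str, roles: list, now: int = None, ttl: int = 3600) -> str:
    """Mint an HS256 JWT carrying the tenant id as the 'tid' claim."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "aud": AUDIENCE, "sub": sub, "tid": tid,
               "roles": roles, "iat": now, "exp": now + ttl}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class TokenError(Exception):
    pass


def validate_token(token: str, now: int = None) -> dict:
    """Verify signature and standard claims; return the claims or raise TokenError."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        signature = _b64url_decode(s)
    except (ValueError, binascii.Error, UnicodeDecodeError):
        raise TokenError("malformed token")
    # Pin the algorithm: never trust the header to choose it (rejects alg=none).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise TokenError("bad issuer")
    if claims.get("aud") != AUDIENCE:
        raise TokenError("bad audience")
    if now >= int(claims.get("exp", 0)):
        raise TokenError("expired")
    if claims.get("tid") not in TENANTS:
        raise TokenError("unknown tenant")
    return claims


def authorize(token: str, requested_tenant: str, now: int = None) -> tuple:
    """Map a request to a tenant schema. Returns (True, schema) or (False, reason)."""
    try:
        claims = validate_token(token, now)
    except TokenError as exc:
        return (False, str(exc))
    # The token's tenant must match the tenant whose data the request targets.
    if claims["tid"] != requested_tenant:
        return (False, "tenant mismatch")
    return (True, TENANTS[claims["tid"]])


if __name__ == "__main__":
    t0 = 1_700_000_000
    token = issue_token("admin@company-a", "tenant-a-0001", ["admin"], now=t0)
    print(authorize(token, "tenant-a-0001", now=t0 + 60))   # (True, 'company_a')
    print(authorize(token, "tenant-b-0002", now=t0 + 60))   # (False, 'tenant mismatch')
```

The `authorize` result is what a request handler would use to pick the tenant's schema before touching the database, so a valid token for CompanyA can never be replayed against CompanyB's schema.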
