Scope a multi-tenant App Registration on specific tenants only

Jonan 21 Reputation points
2022-11-29T14:16:26.74+00:00

Hi all,

I created a multi-tenant App Registration, Enterprise Application and App Service, because I have some specific tenants that need access to the app. I noticed that atm all tenants can log-in to the app, but I want this to be scoped. Is this a possibility? I tried using Conditional Access Policies, but users of other tenants are still able to log in to the app.

Thanks!

Microsoft Entra ID

1 answer

Shweta Mathur 27,936 Reputation points Microsoft Employee
    2022-12-01T09:19:45.543+00:00

    Hi @Jonan,

    Thanks for reaching out.

    I understand you are trying to restrict a multi-tenant application for some specific tenants.

    This can be handled from your application by restricting access to users in a specific list of organizations.

    1. You can restrict sign-in access to only those user accounts that are in an Azure AD organization that is on the list of allowed organizations by setting the ValidateIssuer parameter to true and setting the value of the ValidIssuers parameter to the list of allowed organizations in your startup class.

    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true, // the default, made explicit because ValidIssuers is only checked when this is true
        ValidIssuers = new[] // THIS IS IMPORTANT: only accept tokens from these tenants
        {
            // replace tenant1 / tenant2 with the directory (tenant) IDs of the allowed organizations
            "https://login.microsoftonline.com/tenant1/v2.0",
            "https://login.microsoftonline.com/tenant2/v2.0"
        }
    };

    2. Alternatively, you can implement a custom method to validate issuers by using the IssuerValidator parameter in Startup.cs.

    Hope this will help.

    Thanks,
    Shweta


    Please remember to "Accept Answer" if answer helped you.
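For option 2 in the answer above, the following is an added example (not the answer's own code) of a custom IssuerValidator in a minimal ASP.NET Core Program.cs; it assumes the Microsoft.AspNetCore.Authentication.JwtBearer package, and the tenant GUIDs are placeholders. Beyond the ValidIssuers list, it also checks that the token's tid claim and its issuer belong to the same allowed tenant, so a token is rejected when either does not match.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Allow-list of directory (tenant) IDs; these GUIDs are placeholders, not real tenants.
var allowedTenants = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
{
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
};

// The "tid" claim names the home tenant of the signed-in account. Newer JwtBearer
// versions hand the validator a JsonWebToken, older ones a JwtSecurityToken.
static string? GetTenantId(SecurityToken token) => token switch
{
    JsonWebToken jwt => jwt.TryGetClaim("tid", out var claim) ? claim.Value : null,
    JwtSecurityToken jwt => jwt.Claims.FirstOrDefault(c => c.Type == "tid")?.Value,
    _ => null,
};

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // "common" lets any tenant authenticate; the validator below is what scopes access.
        options.Authority = "https://login.microsoftonline.com/common/v2.0";
        options.TokenValidationParameters.ValidateIssuer = true;
        options.TokenValidationParameters.IssuerValidator = (issuer, token, parameters) =>
        {
            var tid = GetTenantId(token);
            if (tid is null || !allowedTenants.Contains(tid))
                throw new SecurityTokenInvalidIssuerException($"Tenant '{tid}' is not on the allow list.")
                    { InvalidIssuer = issuer };
            // The issuer must be that tenant's own issuer (v2.0 or v1.0 form), not any Azure AD issuer.
            var expected = new[] { $"https://login.microsoftonline.com/{tid}/v2.0", $"https://sts.windows.net/{tid}/" };
            if (!expected.Contains(issuer, StringComparer.OrdinalIgnoreCase))
                throw new SecurityTokenInvalidIssuerException($"Issuer '{issuer}' does not match tenant '{tid}'.")
                    { InvalidIssuer = issuer };
            return issuer; // returning the issuer marks it as validated
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", () => "Hello from an allowed tenant").RequireAuthorization();
app.Run();
```

A rejected token surfaces as a 401 from the JwtBearer handler, and the exception message is available in the handler's OnAuthenticationFailed event for logging.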