Hi @Jonan ,
Thanks for reaching out.
I understand you are trying to restrict a multi-tenant application for some specific tenants.
This can be handled from your application by restricted access to users in a specific list of organizations.
1. You can restrict sign-in access to only those user accounts that are in an Azure AD organization that is on the list of allowed organizations by setting the ValidateIssuer parameter to true and setting the value of the ValidIssuers parameter to the list of allowed organizations in your startup class.
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuers = new[] // THIS IS IMPORTANT: only accept tokens from these tenants
        {
            "https://login.microsoftonline.com/tenant1/v2.0",
            "https://login.microsoftonline.com/tenant2/v2.0"
        }
    };
2. Alternatively, you can implement a custom method to validate issuers by using the IssuerValidator parameter in Startup.cs.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
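An added example of option 2 from the answer above (not part of Shweta's reply and not Microsoft's code): a custom IssuerValidator that accepts only an allow list of tenant IDs and additionally checks that the token's tid claim matches its issuer, so an allowed tenant ID cannot be presented under a different issuer. The tenant GUIDs and the audience are placeholders, and the handling of both JwtSecurityToken and JsonWebToken assumes the Microsoft.IdentityModel packages that ship those types.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

public static class TenantAllowList
{
    // Placeholder tenant IDs (directory GUIDs); replace with the tenants you actually allow.
    private static readonly HashSet<string> AllowedTenantIds = new(StringComparer.OrdinalIgnoreCase)
    {
        "11111111-1111-1111-1111-111111111111",
        "22222222-2222-2222-2222-222222222222",
    };

    // Matches the Microsoft.IdentityModel.Tokens.IssuerValidator delegate: return the
    // issuer to accept the token, throw SecurityTokenInvalidIssuerException to reject it.
    public static string ValidateIssuer(string issuer, SecurityToken token, TokenValidationParameters p)
    {
        IEnumerable<Claim> claims = token switch
        {
            JwtSecurityToken jwt => jwt.Claims, // default token type before .NET 8
            JsonWebToken jwt => jwt.Claims,     // default token type from .NET 8
            _ => throw new SecurityTokenInvalidIssuerException("Unsupported token type")
        };
        string tid = claims.FirstOrDefault(c => c.Type == "tid")?.Value;
        if (string.IsNullOrEmpty(tid) || !AllowedTenantIds.Contains(tid))
            throw new SecurityTokenInvalidIssuerException($"Tenant '{tid}' is not allowed") { InvalidIssuer = issuer };
        // Bind the issuer to the tid claim so an allowed tid is only accepted from its own
        // issuer; both the v2.0 and the v1.0 issuer formats are allowed for that tenant.
        string[] expected = { $"https://login.microsoftonline.com/{tid}/v2.0", $"https://sts.windows.net/{tid}/" };
        if (!expected.Contains(issuer, StringComparer.OrdinalIgnoreCase))
            throw new SecurityTokenInvalidIssuerException($"Issuer '{issuer}' does not match tenant '{tid}'") { InvalidIssuer = issuer };
        return issuer;
    }

    // Wiring for Startup.ConfigureServices (or Program.cs); ValidateIssuer is kept explicit.
    public static void AddTenantRestrictedJwtBearer(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.Authority = "https://login.microsoftonline.com/common/v2.0"; // multi-tenant metadata
                o.Audience = "api://<your-client-id>";                           // placeholder
                o.TokenValidationParameters.ValidateIssuer = true;
                o.TokenValidationParameters.IssuerValidator = ValidateIssuer;
            });
    }
}
```

A rejected token surfaces as an authentication failure in the JwtBearer events, so log the InvalidIssuer value there to spot sign-in attempts from tenants outside the allow list.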