AAD SSO on second tenant with App Registration to main tenants Web App

Phyxsius 21 Reputation points
2021-08-27T14:14:13.76+00:00

I need to provide SSO for my web app using the AAD of another tenant.

I am running my app in my Azure tenant (A) and I have used an App registration in my other Azure tenant (B) to gain access to its AAD.
Within my app I can access the user list of Azure tenant (B). I would like to build further on this by adding SSO.
Unfortunately, I cannot find a document that explains how to accomplish this within Azure.

So the main idea is to run my app in my Azure tenant (A) and, when a user makes use of my app, the user is logged in by means of SSO with the use of their own AAD user list.

Any pointers, ideas, help on this subject is much appreciated.

Microsoft Entra ID

2 answers

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2021-08-27T23:06:18.613+00:00

    Hi @Phyxsius ,

    There are two main ways to do this:

    1) You can create a multitenant app that allows users to sign in from different tenants and create a service principal in the second tenant.

    Guide for configuring a new multi-tenant app: https://learn.microsoft.com/en-us/azure/active-directory/develop/setup-multi-tenant-app

    Guide for converting an existing app to be multi-tenant: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

    2) You can use B2B and add the users from Tenant A as guest users in Tenant B. This method works well but comes with additional licensing costs. If you take this route, you will need one license for every user within your company, or one license for every five external guest users from outside of your company.
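As an added example that is not part of the thread (and not Microsoft's or either poster's code), here are the app-side pieces the multi-tenant route in the answer above needs: the sign-in request against the multi-tenant authority, the one-time consent link that creates the app's service principal in tenant B, and the claim checks the app must perform on the ID token it gets back. A multi-tenant registration accepts sign-ins from any Entra tenant that consents, so the app itself has to enforce which tenants it serves; the `tid` allow-list and the per-tenant issuer check below are where that happens. All client IDs, tenant IDs, URLs and the sample token payload are constructed; JWT signature verification against the issuing tenant's JWKS is assumed to have been done before `validate_id_token_claims` is called (for example with PyJWT and the tenant's OIDC discovery document).

```python
"""
Added example, not from the original Q&A thread: app-side handling for a
multi-tenant Entra ID (Azure AD) app registered in tenant A that signs in
users from tenant B. Every ID, URL and claim value below is constructed.
"""
from urllib.parse import urlencode

# Constructed values. The registration in tenant A must be multi-tenant
# (signInAudience = AzureADMultipleOrgs, "Accounts in any organizational directory").
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
REDIRECT_URI = "https://app.example.com/signin-oidc"
TENANT_B = "aaaaaaaa-0000-0000-0000-000000000001"

# Explicit allow-list: a multi-tenant registration lets ANY tenant sign in
# once it consents, so the app decides which tenants it actually serves.
ALLOWED_TENANTS = {TENANT_B}

# "organizations" admits work/school accounts from any tenant ("common" would
# also admit personal Microsoft accounts). The token's issuer is still
# tenant-specific, which the validation below relies on.
AUTHORITY = "https://login.microsoftonline.com/organizations"


def build_authorize_url(state: str, nonce: str) -> str:
    """OIDC authorization-code request against the multi-tenant authority.
    state and nonce must be unguessable, stored in the session and checked
    on the way back (CSRF and ID-token replay protection)."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}"


def admin_consent_url(tenant_id: str, state: str) -> str:
    """One-time link a tenant B administrator opens. Granting consent creates
    the app's service principal in tenant B; this is needed when tenant B
    does not let ordinary users consent to third-party apps themselves."""
    params = {
        "client_id": CLIENT_ID,
        "scope": "openid profile email",
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0/adminconsent?{urlencode(params)}"


class TokenRejected(Exception):
    """Raised when an ID token must not be accepted for sign-in."""


def validate_id_token_claims(claims: dict, expected_nonce: str, now: int) -> str:
    """Check the payload of an ID token whose signature has ALREADY been
    verified against the issuing tenant's JWKS. Returns the tenant ID."""
    tid = claims.get("tid")
    if tid not in ALLOWED_TENANTS:
        raise TokenRejected(f"tenant {tid!r} is not allowed to use this app")
    # v2.0 tokens from a multi-tenant sign-in carry a per-tenant issuer, never
    # the literal "organizations"/"common" authority; it must agree with tid.
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        raise TokenRejected("issuer does not match tid")
    if claims.get("aud") != CLIENT_ID:
        raise TokenRejected("token was issued for a different application")
    if claims.get("nonce") != expected_nonce:
        raise TokenRejected("nonce mismatch; possible replay")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise TokenRejected("token not valid at this time")
    return tid


def is_accepted(claims: dict, expected_nonce: str, now: int) -> bool:
    """Boolean wrapper around validate_id_token_claims for callers that
    only need an accept/reject decision."""
    try:
        validate_id_token_claims(claims, expected_nonce, now)
        return True
    except TokenRejected:
        return False


def user_key(claims: dict) -> str:
    """Stable identity for the local user record: tenant + object ID.
    Email/UPN is mutable and reusable across tenants, so it is not a key."""
    return f"{claims['tid']}:{claims['oid']}"


# Constructed ID-token payload for a tenant B user (what the app would see
# after decoding and signature-verifying the real JWT).
SAMPLE_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_B}/v2.0",
    "aud": CLIENT_ID,
    "tid": TENANT_B,
    "oid": "bbbbbbbb-0000-0000-0000-000000000002",
    "preferred_username": "alice@tenant-b.example",
    "nonce": "n-1",
    "nbf": 1630000000,
    "exp": 1630003600,
}

if __name__ == "__main__":
    print(build_authorize_url(state="s-1", nonce="n-1"))
    print(admin_consent_url(TENANT_B, state="s-2"))
    print("accepted tenant:", validate_id_token_claims(SAMPLE_CLAIMS, "n-1", 1630000100))
    print("user key:", user_key(SAMPLE_CLAIMS))
```

The issuer check matters because a single `organizations`/`common` endpoint hands back tokens from many issuers; checking that the issuer is exactly the per-tenant URL for the `tid` in the same token, and that `tid` is on your own allow-list, is what stops any arbitrary tenant that happens to consent to the app from signing its users into your tenant A application.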


  2. Phyxsius 21 Reputation points
    2021-08-30T08:28:51.15+00:00

    Hi MarileeTurscak-MSFT,

    And thank you for your prompt reply.
    I have already chosen and created a Multitenant App and registered my app in my second Azure tenant (B) as such.
    It seems that some additional options need to be configured within Azure to make this possible.

    What they are eludes me.
