Enterprise App Make Available to Other Organizations - Help

Guilherme Matos 20 Reputation points
2023-11-17T17:12:36.29+00:00

Hello, my name is Guilherme. I am an infrastructure analyst and I have little experience with this service. I would like some help, and I will describe my blocker in more detail.

Guys, today I need to provide an authentication method through Azure SSO. I already have the following scenario working.

1. I registered an enterprise app through Microsoft Entra ID, location

2. We implemented it within a Web application to validate that it is working correctly for local users.

This is my current scenario. I need to make this app available to an external client, but I must make the app accessible to other organizations as well.

Here's my question: can I make this app available to other organizations within Azure, so that they can search for and access/install it in the same way we run it locally?

How can I do this in a simpler and more dynamic way, without having to manually add an external user? Can anyone support me with documentation or even tips for studying?

Thanks

Microsoft Entra ID

Accepted answer
  1. Carlos Solís Salazar 17,976 Reputation points MVP
    2023-11-17T20:30:28.48+00:00

    It's great that you're exploring Azure Single Sign-On (SSO) and looking to expand the accessibility of your application to external clients and other organizations. Here's a step-by-step approach to achieve this:

    1. Azure Active Directory B2B (Business to Business) Collaboration:
      • Azure AD B2B is the recommended way to share your applications with external users. It allows users from other organizations to access your application without creating new accounts in your Azure AD.
      • To implement this, you would invite external users as guests in your Azure AD tenant. These users can then authenticate using their own organizational identities.
      • The process involves sending invitations via email or creating a direct link that external users can use to access your application.
    2. Consent Framework for Multi-Tenant Applications:
      • If your application needs to be accessible to users from multiple Azure AD tenants without specific invitations, consider registering your app as a multi-tenant Azure AD application.
      • This setup allows users from other Azure AD tenants to consent to using your application. Once they consent, their tenant information is stored within your Azure AD, and they can authenticate using their own organizational credentials.
    3. Azure Marketplace:
      • If you want to make your application broadly available to a wider range of Azure customers, consider publishing it on the Azure Marketplace.
      • This is a more commercial approach and is suitable if your app is a product intended for general distribution.
    4. Documentation and Further Reading:
    5. Best Practices:
      • Always test with a small group of external users before rolling out broadly.
      • Keep security in mind, especially regarding what data external users can access.
      • Monitor and audit external access regularly to ensure compliance with your organization's policies.

    By following these steps and utilizing Azure AD's capabilities, you can make your application accessible to external clients and other organizations in a controlled and secure manner.

    Accept the answer if the information helped you. This will help us and others in the community as well.
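
An added example for the multi-tenant option in the answer above (not part of the answer and not Microsoft's code): once the app accepts sign-ins from other organizations, the web application should check which tenant issued each token and accept only the customers it has onboarded. It assumes the ID token's signature has already been verified by a JWT library; `check_tenant`, `sample_claims`, the GUIDs and the allow-list are hypothetical.

```python
import re
import time

# Issuer formats of Microsoft identity platform tokens (v2.0 and v1.0).
ISSUER_TEMPLATES = (
    "https://login.microsoftonline.com/{tid}/v2.0",
    "https://sts.windows.net/{tid}/",
)
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def check_tenant(claims, client_id, allowed_tenants, now=None):
    """Return (ok, reason) for ID-token claims whose signature is already verified."""
    now = time.time() if now is None else now
    tid = str(claims.get("tid", "")).lower()
    if not GUID.match(tid):
        return False, "missing or malformed tid claim"
    # The issuer must be the one belonging to the tenant named in tid.
    if claims.get("iss") not in [t.format(tid=tid) for t in ISSUER_TEMPLATES]:
        return False, "issuer does not match tid"
    # The token must have been issued for this application.
    if claims.get("aud") != client_id:
        return False, "audience is not this application"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired"
    # A multi-tenant app accepts any organization; keep only onboarded ones.
    if tid not in {t.lower() for t in allowed_tenants}:
        return False, "tenant not onboarded"
    return True, "ok"


# Constructed sample values, not real tenants or applications.
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
HOME_TENANT = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
CUSTOMER_TENANT = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
UNKNOWN_TENANT = "cccccccc-cccc-cccc-cccc-cccccccccccc"
ALLOWED = {HOME_TENANT, CUSTOMER_TENANT}
NOW = 1_700_000_000  # fixed clock so the sample is reproducible


def sample_claims(tid, iss_tid=None, aud=CLIENT_ID, exp=NOW + 3600):
    """Build constructed claims; iss_tid lets the issuer disagree with tid."""
    iss = ISSUER_TEMPLATES[0].format(tid=iss_tid or tid)
    return {"tid": tid, "iss": iss, "aud": aud, "exp": exp}


if __name__ == "__main__":
    for tid in (HOME_TENANT, CUSTOMER_TENANT, UNKNOWN_TENANT):
        print(tid, check_tenant(sample_claims(tid), CLIENT_ID, ALLOWED, now=NOW))
```

The allow-list would normally be populated when a customer organization is onboarded, and rejected `tid` values are worth logging for the access monitoring the answer recommends.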

