Hello sounder rajan rajan
To allow Tailspin Azure AD users to access the Apollo application without changing the application or its location, follow these steps:
- Configure Apollo Application as Multi-tenant:
  - In your Azure AD, configure the Apollo Application as a multi-tenant application.
  - This allows users from different Azure AD tenants (including Tailspin) to access the application without being invited as guests.
- Update Application Code:
  - Modify the Apollo Application code to validate the issuer and perform authorization using tokens issued by the Contoso tenant.
  - When users from Tailspin access the application and accept the consent prompt, a service principal corresponding to your app will be created in the Tailspin tenant.
  - The Tailspin tenant can then issue tokens for your multi-tenant application.
- Test and Monitor:
  - Test the setup thoroughly to ensure seamless access for Tailspin users.
  - Monitor logs and authentication events to troubleshoot any issues.
Remember that the “Cross-tenant access settings” won’t directly achieve this, but configuring the application as multi-tenant will allow Tailspin users to access the Apollo Application without being guests in your tenant.
I hope that this response has addressed your query and helped you overcome your challenges. If so, please mark this response as Answered. This will not only acknowledge our efforts, but also assist other community members who may be looking for similar solutions.
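
An added example (not part of the answer above and not Microsoft sample code) of the issuer check a multi-tenant app performs once tokens can come from more than one tenant. It assumes v2.0 tokens whose signature has already been verified against the Microsoft signing keys; the tenant IDs, client ID and function names are constructed placeholders.

```python
# Added example: tenant/issuer checks on decoded claims for a multi-tenant app.
# Assumption: signature verification already happened; only claims are checked here.
import time

# Issuer format of v2.0 tokens: one issuer per tenant, keyed by the tid claim.
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"

# Constructed placeholders: replace with the real tenant IDs and app client ID.
CONTOSO_TID = "11111111-1111-1111-1111-111111111111"
TAILSPIN_TID = "22222222-2222-2222-2222-222222222222"
ALLOWED_TENANTS = {CONTOSO_TID, TAILSPIN_TID}
APOLLO_CLIENT_ID = "33333333-3333-3333-3333-333333333333"


def validate_claims(claims, now=None):
    """Return (ok, reason) for the decoded claims of a signature-verified token."""
    now = time.time() if now is None else now

    # A multi-tenant app accepts sign-ins from any tenant unless it restricts
    # them itself, so the allow-list is what limits access to the two tenants.
    tid = claims.get("tid")
    if not isinstance(tid, str) or tid not in ALLOWED_TENANTS:
        return False, "tenant not allowed"

    # The issuer must be the one belonging to the tenant named in tid;
    # checking tid alone would let iss and tid disagree.
    if claims.get("iss") != ISSUER_TEMPLATE.format(tid=tid):
        return False, "issuer does not match tenant"

    # The token must have been issued for this application.
    if claims.get("aud") != APOLLO_CLIENT_ID:
        return False, "wrong audience"

    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired"
    return True, "ok"
```
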