Share via

Multi Org vs Multi Tenant difference

Parth P 40 Reputation points
2024-08-12T17:42:14.58+00:00

Hi there,

Are multiple organizations the same as multiple tenants?

I am building a multi-tenant application to access and service data in other tenants.

The response section of the official document states that the list org endpoint will only return one organization, implying that it is the one on which the app is installed.

Link to the documentation

Response: If successful, this method returns a 200 OK response code and a collection of organization objects in the response body. Only one object is returned in the collection.

Question 1: Should I base my app on the tenant ID received in this organization call?

I read the official documentation on multi-org and multi-tenant, but it left me more confused. It seems like an organization can have other tenants via acquisition.

Question 2: If so, what will happen to the installed app? Will it continue to have access to those new organizations if my app is installed on the parent organization, or will each new organization require my app to be installed separately on the tenants for those organizations?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other
0 comments
Accepted answer
  1. Marcin Policht 50,895 Reputation points MVP Volunteer Moderator
    2024-08-12T18:18:54.1466667+00:00

    Question 1: Should I base my app on the tenant ID received in this organization call?

    No, you should not base your app solely on the tenant ID received from the organization call if your application is truly multi-tenant. In Entra ID, a tenant represents a distinct instance of Entra ID, typically aligned with a single organization. When your application is multi-tenant, it can be installed and used across multiple tenants, each representing a different organization. The organization object returned in the API call corresponds to the tenant where the app is currently installed and does not represent all possible tenants or organizations your app could interact with. Therefore, your application should be designed to handle multiple tenant IDs if it is intended to service multiple organizations.

    Question 2: Will the installed app continue to have access to new organizations if my app is installed on the parent organization, or will each new organization require my app to be installed separately on the tenants for those organizations?

    If an organization acquires another organization that has its own Entra ID tenant, your app will not automatically gain access to the new organization's data unless it is also installed on the new tenant. In Entra ID, each tenant is a separate and isolated entity with its own set of users, resources, and applications. If your app is installed on the parent organization's tenant, it will only have access to data within that tenant. If new organizations (and their associated tenants) are acquired, your app must be installed and granted the necessary permissions on those tenants separately to access their data. Therefore, for each new organization (tenant), the app installation and consent process must be repeated.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.