Azure AD Registration workflow with 3rd Party App

Question

My company distributes a desktop application for law offices with a background service component that sends and receives mail from a client email account (one email account per law firm that they provision for the application on their own mail server).

We are integrating 2-legged OAuth 2.0 support for Office 365/Exchange, which requires us to register the application in Azure AD and request an access token.

I'm not totally clear on what a standard workflow for this situation would look like. My company does not have an Azure, O365 or Exchange license. I am currently using trial versions of all of these for a proof of concept.

Would it be normal for us to purchase an Azure license, register our application on our own directory, and request API permission from the tenant admin for each law firm?

Or would we request that each law firm register our application individually on their own tenant and grant the necessary API permissions?

Answer 1

@Granville Rex , Based on your explanation, it looks like your application is a multi-tenant app, that is hosted in your tenant but can be used in other tenants too. In this case, since you would be doing the app registration, that would create the application object and service principal object both in your home tenant, hence you would need to have an AAD Premium License (AAD P1/P2) for your tenant.

But, when another user from another tenant tries to access your application, in his tenant, just the service principal of your application gets registered, and for that no license is required.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.