question

0 Votes
GranvilleRex-6401 asked GranvilleRex-6401 commented

Azure AD Registration workflow with 3rd Party App

My company distributes a desktop application for law offices with a background service component that sends and receives mail from a client email account (one email account per law firm that they provision for the application on their own mail server).

We are integrating 2-legged OAuth 2.0 support for Office 365/Exchange, which requires us to register the application in Azure AD and request an access token.

I'm not totally clear on what a standard workflow for this situation would look like. My company does not have an Azure, O365 or Exchange license. I am currently using trial versions of all of these for a proof of concept.

Would it be normal for us to purchase an Azure license, register our application on our own directory, and request API permission from the tenant admin for each law firm?

Or would we request that each law firm register our application individually on their own tenant and grant the necessary API permissions?

azure-active-directory

1 Answer

1 Vote
soumi-MSFT answered GranvilleRex-6401 commented

@GranvilleRex-6401, based on your explanation, it looks like your application is a multi-tenant app that is hosted in your tenant but can be used in other tenants too. In this case, since you would be doing the app registration, that would create the application object and service principal object both in your home tenant; hence you would need to have an AAD Premium License (AAD P1/P2) for your tenant.

But, when another user from another tenant tries to access your application, in his tenant, just the service principal of your application gets registered, and for that no license is required.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.



@GranvilleRex-6401, just wanted to check if the above response helped.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.

0 Votes 0 ·

Thank you for your response,

I'm wondering if it's also possible to do this in a way that each of the other tenants registers the application separately. This would bypass the need for us to have our own Premium License. Our company doesn't have a lot of experience dealing with the Microsoft Identity Platform and Microsoft mail services, so we would prefer that the IT departments of our clients do the heavy lifting on their own Microsoft accounts. It is only a fraction of our clients that use O365/Exchange for their mail servers.

Do you know if this is a common/acceptable workflow?

0 Votes 0 ·
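
The multi-tenant arrangement described in the answer, as an added example (not code from this thread or from Microsoft): the vendor sends each law firm's tenant admin a one-time admin-consent link, checks the redirect that comes back, then requests 2-legged (client-credentials) tokens from that firm's own tenant endpoint. The function names, the redirect URI and the Exchange Online `.default` scope are assumptions; the identifiers are constructed samples.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
SCOPE = "https://outlook.office365.com/.default"  # assumption: Exchange Online app permissions
GUID = re.compile(r"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)


def admin_consent_url(tenant_id, client_id, redirect_uri):
    """Return (url, state) for the link a law firm's tenant admin opens once."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("tenant_id must be the customer's directory GUID")
    state = secrets.token_urlsafe(24)  # binds the callback to this onboarding request
    query = urlencode({"client_id": client_id, "scope": SCOPE,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORITY}/{tenant_id}/v2.0/adminconsent?{query}", state


def consent_granted(callback_url, expected_tenant, expected_state):
    """Validate the redirect received after the admin's decision."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    if "error" in params:
        return False  # admin declined, or consent failed
    return (params.get("admin_consent", "").lower() == "true"
            and params.get("tenant", "").lower() == expected_tenant.lower())


def token_request(tenant_id, client_id, client_secret):
    """Return (endpoint, form fields) for the client-credentials grant."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("tenant_id must be the customer's directory GUID")
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": SCOPE}
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token", form


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant = "11111111-2222-3333-4444-555555555555"
    app = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    url, state = admin_consent_url(tenant, app, "https://vendor.example/consent")
    callback = f"https://vendor.example/consent?admin_consent=True&tenant={tenant}&state={state}"
    print(url)
    print(consent_granted(callback, tenant, state), token_request(tenant, app, "<secret>")[0])
```

If each firm registered the application in its own tenant instead, the same token request would apply with that firm's own client ID and secret, and the consent link would not be needed from the vendor.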