fedration between two mobile apps

Krish Simhadri 21 Reputation points
2022-03-01T23:58:53.72+00:00

I have two mobile apps both are integrated with Azure AD for authentication
App a is integrated with Azure AD 1 (corporate AD)
App b is integrated with Azure AD 2 (vendors AD)

App a users are different to App b users
I am looking for a solution that when an App a user login to the device using corporate AD credentials and access App b, then this user should be seamlessly going into App b with out authenticating again.
any documentation or design would be very helpful

Note App B uses JWT token for authenticating and maintaining user session

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,678 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,336 Reputation points
    2022-03-02T11:56:17.843+00:00

    Hi @Krish Simhadri • Thank you for reaching out.

    I understood that you want SSO between the applications that are federated with two different Azure AD tenants. To achieve this, I can think of the below 2 options that you may consider:

    1. Check if the vendor can configure the App b as a multi-tenant application. In this case, when user from corporate AD will access the application and accept the consent prompt, a service principal corresponding to App b will be created in the corporate AD and it can issue the token for both App a as well as App b. The vendor can configure the application with issuer validation to accept and perform authorization using the token issued via corporate AD.
      Ref: Sign in any Azure Active Directory user using the multi-tenant application pattern
    2. If App b cannot be configured as multi-tenant, the users from corporate AD needs to be added as external/guest users in the vendor's AD. In this case, users will be using the same credentials regardless of whether they are using the App a or App b.
      Ref: Add Azure Active Directory B2B collaboration users in the Azure portal

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful