Hi @Eric Lynch, this sounds like something tailored for Azure AD B2C. Each customer can have its own tenant, which will get federated. This approach will provide complete company data isolation and simplify per-customer customization.
Initial steps:
- Create a new tenant in Azure Active Directory per customer
- Create an Azure Active Directory B2C tenant
- Create custom policies in Azure Active Directory B2C (skip the "Add Facebook as an identity provider" step)
- Set up sign-in for each Azure Active Directory customer tenant. One ClaimsProviderSelection, ClaimsExchange, ClaimsProvider and OpenIdConnect technical profile must be added per customer tenant.
- Create an ASP.NET application that will leverage the previously created custom policy and sign users in to your application. You can later customize it with domain hints, multiple custom policies and/or login pages, and more.
Also, take a look at Authorization in ASP.NET, especially roles, claims and policy-based authorization.
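As an added example (not part of the answer above, and not Microsoft's own sample), here is what the per-customer pieces of a B2C custom policy from the "set up sign-in for each customer tenant" step could look like for one hypothetical customer, "Contoso". The tenant ID, client ID, policy key name, technical profile ID and ClaimsExchange ID are placeholders; the claims transformations and the SM-SocialLogin profile are the ones shipped in the starter pack's TrustFrameworkBase.xml, and the tenantId claim type is an assumed addition that has to be declared before it is used.

```xml
<!-- Added example, not from the original answer: the per-customer pieces of a
     B2C custom policy for one federated customer tenant ("Contoso").
     Tenant ID, client ID, key name and profile/exchange IDs are placeholders. -->

<!-- 1. In TrustFrameworkExtensions.xml, under <ClaimsProviders>: one
        ClaimsProvider with one OpenIdConnect technical profile per customer. -->
<ClaimsProvider>
  <Domain>contoso.com</Domain>
  <DisplayName>Contoso (Azure AD)</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AAD-Contoso-OpenIdConnect">
      <DisplayName>Contoso employees</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- Tenant-specific metadata endpoint, not /common or /organizations:
             B2C then pins the expected issuer to this one tenant, so a token
             from any other Azure AD tenant is rejected and customers stay isolated. -->
        <Item Key="METADATA">https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0/.well-known/openid-configuration</Item>
        <!-- Client ID of the app registered in the customer's own tenant (placeholder) -->
        <Item Key="client_id">22222222-2222-2222-2222-222222222222</Item>
        <Item Key="response_types">code</Item>
        <Item Key="scope">openid profile</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Client secret lives in a B2C policy key, never inline in the policy file -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_ContosoAppSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
        <!-- Keep the home tenant ID so the application can authorize per customer -->
        <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- 2. tenantId is not in the starter pack: declare it once under
        <BuildingBlocks><ClaimsSchema> and list it in the relying party's OutputClaims. -->
<ClaimType Id="tenantId">
  <DisplayName>Home tenant ID</DisplayName>
  <DataType>string</DataType>
</ClaimType>

<!-- 3. In the user journey (federation only, no local accounts): one
        ClaimsProviderSelection in the first step and one ClaimsExchange in the
        second step per customer tenant. Further customers are added the same way. -->
<OrchestrationStep Order="1" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
  <ClaimsProviderSelections>
    <ClaimsProviderSelection TargetClaimsExchangeId="ContosoExchange" />
    <!-- <ClaimsProviderSelection TargetClaimsExchangeId="FabrikamExchange" /> -->
  </ClaimsProviderSelections>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="ContosoExchange" TechnicalProfileReferenceId="AAD-Contoso-OpenIdConnect" />
    <!-- <ClaimsExchange Id="FabrikamExchange" TechnicalProfileReferenceId="AAD-Fabrikam-OpenIdConnect" /> -->
  </ClaimsExchanges>
</OrchestrationStep>
```

Two points worth checking when you copy this pattern: the METADATA item must point at the customer's own tenant, since a `/common` or `/organizations` endpoint would let any Azure AD tenant's token through and defeat the isolation the answer is after; and carrying `tid` into your token as tenantId gives the ASP.NET side a claim to build policy-based authorization on, so that a user from one customer tenant can never be granted another customer's data by accident.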