Questions about tenants and SSO

Kejji, Adam 41 Reputation points

Hello everyone,

I have some questions regarding architecture with multiple tenants.
When we use a trust relation to an Active Directory that is synchronized with Azure AD. Are the users in the trusted domain going to be considered as guests for the apps of the tenant or they are going to be considered as normal users ?
i saw in some articles that using different tenants with the same domain is not supported. Is it the case ? Is it possible to have an alias with the domain name ?
I saw that seamless SSO is not supported in the case of different tenants linked to one AD but is SSO in the cloud supported for different tenants ?
If a custom application got registered in a tenant can users from a different tenant authenticate to the app ? Can another member of a tenant considered as a guest for some application in another tenant ?
Is there any limitation on using SSO with apps in the cloud with mutli-tenant ?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,818 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
{count} votes

2 answers

Sort by: Most helpful
  1. JimmySalian-2011 41,916 Reputation points


    Thank you for asking this question on the Microsoft Q&A Platform.

    There are multiple ways to approach this but it depends upon your flexibility in using the apps and where they are hosted, can I suggest that you review this article and it provides detailed architectural of the multi-tenant solution.


    And for the multi tenant user management please review this:

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

  2. Limitless Technology 39,336 Reputation points

    Hello there,

    -Single-tenant apps are only available in the tenant they were registered in, also known as their home tenant.
    -Multi-tenant apps are available to users in both their home tenant and other tenants.

    In the Azure portal, you can configure your app to be single-tenant or multi-tenant by setting the audience

    Tenancy in Azure Active Directory


    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments