

Multi-Tenant Azure Application With Federated Authentication - Building SaaS


Scenario

In this scenario you are developing a multi-tenant web application to be deployed on Azure. The application's tenants must be able to provide authentication for their own users. When a tenant signs up for the application, the tenant should be able to select an authentication method such as Facebook, Google, LiveID, Yahoo!, OpenID 2.0, or AD FS for corporate accounts. Once the sign-up process is finished, the tenant's end users can immediately use the selected authentication method to log on to the application.

  • Multi-tenant Software as a Service (SaaS) web application deployed to Windows Azure.
  • The application requires authentication.
  • The authentication method should be configured during the sign-up process.

Solution Approach

ACS (Access Control Service) is used to solve this scenario. ACS provides federation with Internet and enterprise identity providers. The ACS Management Service is used during the sign-up (on-boarding) process to automate the configuration of each tenant and its authentication method.

  • ACS is used for federation with Internet identity providers (IdPs) such as LiveID, Google, Facebook, Yahoo!, and OpenID 2.0 IdPs.
  • ACS is used for federation via AD FS with enterprise identity providers that manage identities in Active Directory (AD).
  • The ACS Management Service is used for automation during the on-boarding process, when configuring a tenant for a specific IdP.

Analysis

The ACS Management Service is the key enabling component in this scenario. It lets you perform management and administrative tasks for your ACS namespace programmatically. For more details, read ACS Management Service.

How To's

Code Samples

Resources