ASP.NET : application creating user in any Active Directory

Question

I am currently developping an ASP.NET web application in which the client can create, update or delete employee. My application is a saas application used by several clients in the world and I would like to add the following feature.

Once connected to my application, the client will have access to a form, where he can create an employee (name, surname, adress ...) and click on a button which will send those informations to the client active directory (for example azure active directory) and creates this user in the client's Active Directory.

To have a maximum compatibility with all the types of Active Directory used by my clients, I am looking for a "protocol" (dont know if its the right term) able to communicate (crud operations on user) with any cloud Active Directory.

I have done some researchs on internet, and I found the SCIM protocol, but this one cannot create user in azure Active Directory (https://social.msdn.microsoft.com/Forums/en-US/bfdf8d61-62d4-4238-b2bb-020e383cf854/does-azure-ad-support-crud-operations-on-users-using-scim?forum=WindowsAzureAD).

Thanks in advance for your help

Answer 1

Based on the description, it seems you want to implement a feature that other users when are sign-in your web application could manager the users from their Azure active directory.

If you I understood correctly, you can leverage the Microsoft Graph in the web application. And integrate Azure AD for the authentication to develop an multi-tenant application.

In this scenario, the other users who are the admin of their tenant can sign-in the web app with Azure AD account and give the consent to the app for managing the accounts for their tenants.

Here is an example that calling the Azure AD Graph from the web app for your reference:

active-directory-dotnet-graphapi-web