
Does Microsoft Azure AD B2C support a multi-tenant architecture? The diagram below is our architecture. I have created an Azure AD B2C service called Tenant (Client) and linked it to my subscription account. I have registered the UI and API applications in that tenant. Then I have created a user in the tenant as admin. The admin creates the users who access my application. We are planning to implement multi-tenant Azure AD B2C to access a single Angular application (UI). From Angular (UI), based on Azure AD B2C con
Example:

I have created an Azure AD B2C service called TenantA (Client A) and linked it to my subscription account. Then I have created a user in TenantA as admin. The admin creates the users who access my application. I have registered

I have created an Azure AD B2C service called TenantB (Client B) and linked it to my subscription account. Then I have created a user in TenantB as admin. The admin creates the users who access my application.

Users from multiple tenants, Client A (Tenant A) and Client B (Tenant B), should access a single UI application and a single API application.

How can I register the same configuration for both tenants in the UI and API applications?

Rachid O

mani
  • Hi, if any of the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions. – Raghavendra beldona Jun 22 '20 at 19:11

2 Answers


As per your requirement, you can achieve this by changing the Azure AD single-tenant application to a multi-tenant application and by setting the endpoint to https://login.microsoftonline.com/common

By this there will be a single application registration/UI/WebAPI, and users from both tenants can access your application.

Reference link

If you are particularly looking for an Azure AD B2C multi-tenant application, you can refer to this link

Raghavendra beldona
  • But in Azure AD B2C they will not support https://login.microsoftonline.com/common, this type of URL – mani Jun 12 '20 at 09:49
  • When federating Azure AD B2C with Azure AD's [common endpoint](https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant-custom?tabs=app-reg-ga#add-a-claims-provider), you can integrate with either: `The v1.0 endpoint: https://login.microsoftonline.com/common/oauth2/authorize` `The v2.0 endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize` – Raghavendra beldona Jun 17 '20 at 13:32

You can't; each tenant's API scope will be unique, since it's based on the tenant ID.

You could put all users in the same tenant, or use a library that supports multiple token issuers.

Or, if you really need isolation on the identities, you could federate a single B2C "funnel" tenant with multiple customer B2C tenants and use home realm discovery to route the authentication flow for the incoming users. This approach must ensure the email is unique amongst all tenants in scope. The funnel tenant would ask for the user's email and use a custom policy to call a REST API, which would use the Graph API to look up the email in all the tenants. Once it finds the tenant, it tells the funnel tenant which B2C federation to redirect the user to, to complete the auth.

Jas Suri - MSFT