I'm building a C# MVC webapp. The plan is:

  1. First time user creates a custom account
  2. When logged in, add a tenant with Microsoft OAuth2, agree to permissions
  3. The webapp aggregates pre-configured Log Analytics items for each user's onboarded tenants.

How do I handle multitenant onboarding, where one user supplies multiple tenant accounts?

How do I authenticate and authorise once and call Azure APIs forever?

  • You can just create a multi-tenant app and configure the required permissions that you will need to call Azure APIs. For details, see: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant Let me know if you have any other questions. – Stanley Gong Jan 12 '21 at 06:09
  • Did you check my answer? If my answer is helpful for you, you can accept it as the answer (click on the check mark beside the answer to toggle it from greyed out to filled in). See https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work. This can be beneficial to other community members. Thank you. – Allen Wu Jan 14 '21 at 02:17
  • Thank you for your answers, but they do not answer my questions. @StanleyGong a multi-tenant app works if I want to log in as different users from different tenants, but if I want to be logged in as two different users from different tenants and access their Log Analytics both at once, I would need to do programming gymnastics to come close to it. – Lukas Antanavičius Jan 19 '21 at 12:56
  • The same thing was discussed here https://techcommunity.microsoft.com/t5/azure-monitor/multi-tenant-centralize-log-analytics/m-p/901413, but there's no mention of how it could be implemented. – Lukas Antanavičius Jan 19 '21 at 13:15

1 Answer

The multi-tenant app mentioned by @StanleyGong should make sense.

In this case, you can add your account as a guest user to the multiple tenants and assign RBAC roles to give the user access to Azure Log Analytics.

Configure the authority as https://login.microsoftonline.com/{tenant-id} for multiple tenants in a configuration file. When you sign in with this account, choose a different tenant based on the {tenant-id}.

You cannot sign in once to access all the Azure Log Analytics data from all tenants. You also can't authenticate and authorize once and call Azure APIs forever. An access token has a lifetime. After it expires, you should re-authenticate.

Allen Wu
  • I want the inverse of what you proposed. You said to add accounts as guests to a tenant; I want multiple accounts, i.e. accounts that belong to different tenants, to be grouped into a single login that can access Log Analytics from all those different tenants. I know some Citrix software was doing it, but with virtual machines. – Lukas Antanavičius Jan 19 '21 at 12:53
  • @LukasAntanavičius What do you mean by "multiple accounts, i.e. accounts that belong to different tenants to be grouped into a single login"? Can you share a sample or any screenshots? – Allen Wu Jan 20 '21 at 02:13
  • For example: we have the main tenant, which queries Log Analytics. I want to send data from many other tenants to the main tenant. The main tenant then can aggregate Log Analytics data from many tenants. – Lukas Antanavičius Jan 20 '21 at 11:43
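
The per-tenant authority and token lifetime described in the answer above, as an added example that is not part of the original thread: a store that builds each tenant's authority URL from a validated tenant ID and reports when a tenant's token has expired, so sign-in has to be repeated for that tenant. `TenantTokenStore`, its members, the five-minute margin and the tenant IDs are assumptions; obtaining the token is left to whatever sign-in library the app uses.

```csharp
using System;
using System.Collections.Generic;

// Added example; TenantTokenStore and its members are hypothetical names.
public sealed class TenantTokenStore
{
    private static readonly TimeSpan Skew = TimeSpan.FromMinutes(5); // assumed safety margin
    private readonly Dictionary<Guid, (string Token, DateTimeOffset ExpiresOn)> _tokens =
        new Dictionary<Guid, (string Token, DateTimeOffset ExpiresOn)>();

    // Only a GUID is accepted, so a configured value cannot alter the authority's host or path.
    public static Guid ParseTenantId(string tenantId) =>
        Guid.TryParseExact(tenantId, "D", out var id)
            ? id
            : throw new ArgumentException("Tenant ID must be a GUID.", nameof(tenantId));

    public static Uri AuthorityFor(string tenantId) =>
        new Uri($"https://login.microsoftonline.com/{ParseTenantId(tenantId):D}");

    // Record the token obtained when the user signed in against this tenant's authority.
    public void Store(string tenantId, string accessToken, DateTimeOffset expiresOn) =>
        _tokens[ParseTenantId(tenantId)] = (accessToken, expiresOn);

    // False means no token, or one at or near expiry: sign in again for that tenant.
    public bool TryGetValidToken(string tenantId, DateTimeOffset now, out string accessToken)
    {
        accessToken = null;
        var id = ParseTenantId(tenantId);
        if (!_tokens.TryGetValue(id, out var entry)) return false;
        if (entry.ExpiresOn - Skew <= now) { _tokens.Remove(id); return false; }
        accessToken = entry.Token;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var store = new TenantTokenStore();
        // Constructed tenant IDs and placeholder token strings, not real values.
        const string tenantA = "11111111-1111-1111-1111-111111111111";
        const string tenantB = "22222222-2222-2222-2222-222222222222";
        store.Store(tenantA, "token-a", now.AddHours(1));
        store.Store(tenantB, "token-b", now.AddMinutes(2)); // inside the skew window
        foreach (var t in new[] { tenantA, tenantB })
            Console.WriteLine(store.TryGetValidToken(t, now, out _)
                ? $"{t}: token usable, authority {TenantTokenStore.AuthorityFor(t)}"
                : $"{t}: sign in again at {TenantTokenStore.AuthorityFor(t)}");
    }
}
```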