
I have managed to do single sign on over Azure Active Directory with OpenIdConnect middleware:

// Requires Microsoft.Owin.Security, Microsoft.Owin.Security.OpenIdConnect and
// System.IdentityModel.Tokens (OWIN / Katana OpenID Connect middleware).
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        ClientId = "{guid}",
        // The "common" endpoint accepts sign-ins from any Azure AD tenant.
        Authority = "https://login.microsoftonline.com/common/",

        TokenValidationParameters = new TokenValidationParameters
        {
            // With the common endpoint the issuer differs per tenant, so issuer
            // validation is switched off here and the tenant is checked by the application.
            ValidateIssuer = false
        }
    });

We use a multi-tenant application on Azure and, based on the tenant ID in the returned token, check whether this user is allowed (we check the tenant ID against our database to see whether it comes from one of our trusted clients).

It works perfectly fine if a client would like to do single sign-on with our application: they have to sync their users to Azure Active Directory and configure their tenant ID in our application.

The thing is, assume that some clients actually have Office 365. They already sync their company user accounts to Office 365, and they would like to take advantage of their user accounts on Office 365 and do single sign-on with those.

I know Office 365 is built on top of Azure, and I can configure our application to work with our company user accounts by getting the Office 365 tenant ID (which I obtained by debugging the code):

[screenshot omitted: the tenant ID as seen while debugging]

But one thing I am not sure about is whether the Office 365 tenant ID will be different between companies. For example, if both company A and company B use Office 365, is the Office 365 tenant ID different between company A and company B?

If yes, how do I get the tenant ID from Office 365 (without debugging, as I did)?

Also, please advise if this approach does not work with Office 365 single sign-on.

cuongle

2 Answers

There is a sample project in the OfficeDev repository on GitHub that walks through this scenario. Here is a link to the blog post that describes the project.

Rich Ross
  • Thanks for the link; my approach is also working similarly. Do you know how I can get the Office 365 tenant ID? – cuongle Jun 27 '15 at 19:21

An Office 365 tenant and an Azure Active Directory tenant are exactly the same thing. When customers sign up for Office 365, they get an Azure Active Directory tenant, and this is where all their identities, etc. are stored. Different AAD tenants (including tenants originally created via Office 365) will have different tenant IDs.

How to get the tenant ID in the first place really depends on your application. One approach is to allow any tenant to consent/connect to your application, and you retrieve their tenant ID from the signed in user's token.

Philippe Signoret
  • Thank you for your answer, and yes, I can get the Office 365 tenant ID from the token in the code. The thing is, our application has a text box that allows a client admin to input their Office 365 tenant ID. We base the decision on this tenant ID to determine whether a user comes from our trusted tenant. We don't allow all Azure users to access our app, only the users who belong to a tenant configured in our app. Think about how the IT admin of one of our clients can get the Office 365 tenant ID. Something like this answer: http://stackoverflow.com/questions/26384034/how-to-get-the-azure-account-tenant-id – cuongle Jun 28 '15 at 13:10
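The approach described in the question (accept sign-ins from any tenant through the common endpoint, then allow only known tenant IDs) and in the second answer (read the tenant ID from the signed-in user's token) can be wired into the same middleware with a SecurityTokenValidated notification, so that a token from an unknown tenant is rejected before a session is created. The following is an added example, not code from the question or either answer; the Startup class, the TrustedTenantIds allowlist (a placeholder for the database lookup the question describes), the placeholder client and tenant GUIDs, and the Katana 3.x package namespaces are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Hypothetical allowlist. In the question this is a database lookup of the
    // tenant IDs that client admins have registered; the GUID here is a placeholder.
    private static readonly HashSet<string> TrustedTenantIds =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "00000000-0000-0000-0000-000000000000"
        };

    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = "{client-id-guid}", // placeholder
            Authority = "https://login.microsoftonline.com/common/",
            TokenValidationParameters = new TokenValidationParameters
            {
                // The common endpoint serves every tenant, so the issuer cannot be
                // pinned to one value here; the tenant check below replaces it.
                ValidateIssuer = false
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs after signature, audience and lifetime checks succeeded.
                SecurityTokenValidated = OnSecurityTokenValidated
            }
        });
    }

    private static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
    {
        string tenantId = GetTenantId(n.AuthenticationTicket.Identity);
        if (!IsTrustedTenant(tenantId))
        {
            // The token is genuine but from a tenant this application does not serve;
            // throwing here makes the middleware fail the sign-in.
            throw new SecurityTokenValidationException(
                "Sign-in rejected: tenant '" + (tenantId ?? "<none>") + "' is not registered.");
        }
        return Task.FromResult(0);
    }

    // Azure AD puts the tenant ID in the "tid" claim; the middleware may expose it
    // under the long schemas.microsoft.com claim type, so both are checked.
    public static string GetTenantId(ClaimsIdentity identity)
    {
        Claim tid = identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")
                    ?? identity.FindFirst("tid");
        return tid == null ? null : tid.Value;
    }

    public static bool IsTrustedTenant(string tenantId)
    {
        return tenantId != null && TrustedTenantIds.Contains(tenantId);
    }
}
```

Because ValidateIssuer is off, the tenant check is the only thing standing between "any Azure AD account" and "accounts from our clients", so it belongs in the validation pipeline rather than in a page handler that a later route could forget to call. The same tid value that the notification reads is what a client admin sees in their own tenant's portal, which is the ID the question's text box expects.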