Reputation: 75306
I have managed to do single sign-on over Azure Active Directory with the OpenIdConnect middleware:
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    using System.IdentityModel.Tokens;

    // Inside Startup.Configuration(IAppBuilder app) of the OWIN startup class
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = "{guid}",
            Authority = "https://login.microsoftonline.com/common/",
            TokenValidationParameters = new TokenValidationParameters
            {
                // Multi-tenant: the issuer differs per tenant, so it is not validated here
                ValidateIssuer = false
            }
        });
We have a multi-tenant application on Azure and, based on the tenantid in the returned token, we check whether the user is allowed (we look the tenantid up in our database to see whether it belongs to one of our trusted clients).
It works perfectly fine if a client would like to do single sign-on with our application: they have to sync their users to Azure Active Directory and configure their tenantid in our application.
The thing is, assume that some clients actually have Office 365. They already sync their company user accounts to Office 365, and they would like to take advantage of those user accounts and do single sign-on with them.
I know Office 365 is built on top of Azure, and I can configure our application to work with our company user accounts by getting the Office 365 tenantid (the way I got it was by debugging the code):
But one thing I am not sure of is whether the Office 365 tenantid will be different between companies; for example, if both company A and company B use Office 365, is the Office 365 tenantid different between company A and company B?
If yes, how do I get the tenantid from Office 365 (not by debugging like I did)?
Also, please advise if this approach does not work with Office 365 single sign-on.
Upvotes: 0
Views: 1799
Reputation: 14336
An Office 365 tenant and an Azure Active Directory tenant are exactly the same thing. When customers sign up for Office 365, they get an Azure Active Directory tenant, and this is where all their identities, etc. are stored. Different AAD tenants (including tenants originally created via Office 365) will have different tenant IDs.
How to get the tenant ID in the first place really depends on your application. One approach is to allow any tenant to consent/connect to your application, and you retrieve their tenant ID from the signed-in user's token.
Upvotes: 0
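The check this answer describes, and the one the question already does against its database, can be wired into the middleware itself so that a token from a tenant that is not trusted never becomes a signed-in session. The following is an added example, not code from the question or the answer; the allow-list, the `TenantGate` class and the `/Error` route are assumptions, and the tenant id placeholder is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
public class TenantGate
{
    const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    // Hypothetical allow-list; the real application loads this from its tenant table.
    static readonly HashSet<string> TrustedTenants =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "00000000-0000-0000-0000-000000000000" };
    // With ValidateIssuer = false this check keeps out arbitrary AAD tenants: tid must be allow-listed and match the issuer.
    public static bool IsTrusted(ClaimsIdentity identity)
    {
        var tid = identity.FindFirst(TenantIdClaim)?.Value;
        var iss = identity.FindFirst("iss")?.Value;
        if (string.IsNullOrEmpty(tid) || !TrustedTenants.Contains(tid)) return false;
        return string.Equals(iss, "https://sts.windows.net/" + tid + "/", StringComparison.OrdinalIgnoreCase);
    }
    public static void Configure(IAppBuilder app)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = "{guid}",
            Authority = "https://login.microsoftonline.com/common/",
            TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs after signature, audience and lifetime checks, before the sign-in cookie is issued.
                SecurityTokenValidated = ctx =>
                {
                    if (!IsTrusted(ctx.AuthenticationTicket.Identity))
                        throw new SecurityTokenValidationException("Tenant is not authorised for this application.");
                    return Task.FromResult(0);
                },
                AuthenticationFailed = ctx =>
                {
                    ctx.HandleResponse();
                    ctx.Response.Redirect("/Error?message=" + Uri.EscapeDataString(ctx.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The exception thrown in SecurityTokenValidated is routed by the middleware to AuthenticationFailed, which is where the default error is suppressed and the user is sent to an error page instead of being signed in.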
Reputation: 800
There is a sample project in the OfficeDev repository on GitHub that walks through this scenario. Here is a link to the blog post that describes the project.
Upvotes: 1