Harsh Gupta

Reputation: 327

Access to Multiple tenants on Azure AD using single sign on

I have multiple tenants on Azure. I want to access them using single sign-on from my app. For example, I want to get all subscriptions related to all tenants by tenantId with a single hit. I tried the API below and it gives me one tenant's information at a time. It requires the access_token for each tenant separately.

https://learn.microsoft.com/en-us/rest/api/resources/subscriptions/get

I am able to get all tenants' information using (https://learn.microsoft.com/en-us/rest/api/resources/tenants/list), but after that, is there any option to pass the tenantId and get the other information, like subscriptions and other details, based on the tenantId passed?

Upvotes: 0

Views: 1437

Answers (2)

jjbfour

Reputation: 61

This is achievable through Azure Lighthouse, but may not scale or be the correct solution depending on the scenario that your app is trying to fulfill.

https://learn.microsoft.com/en-us/azure/lighthouse/overview

This is mainly used by managed service providers to manage their Azure resources cross tenant, but you could also use it to manage your own internal Azure resources cross tenant.

https://learn.microsoft.com/en-us/azure/lighthouse/concepts/azure-delegated-resource-management

Managed services is comprised of two parts: the definition and the assignment (you can kind of think of it as similar to role assignment). The definition defines the tenant and users that will be able to see the other projections. The assignment gives the users and tenant defined in the definition access to the subscription.

How-To: https://learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer

There are some limitations to this: https://learn.microsoft.com/en-us/azure/lighthouse/concepts/cross-tenant-management-experience#current-limitations

Upvotes: 0

Allen Wu

Reputation: 16438

You need to provide a different access token for each tenant.

So it's impossible to list all the subscriptions for multiple tenants in one call.

The PowerShell cmd Get-AzureRmSubscription can list subscriptions for all tenants. But it still needs to get an access token for each tenant and then get its subscriptions.

See a similar post here.

Upvotes: 1
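The per-tenant token loop described in the answer above, as an added Python example that is not part of the original answers: it lists the tenants with a home-tenant token, then requests a separate token from each tenant before listing that tenant's subscriptions, and records tenants where token acquisition fails instead of aborting. `get_token` is a hypothetical callback (for instance a wrapper around MSAL or azure-identity), and the `2020-01-01` API version is an assumption.

```python
import json
import urllib.request

ARM = "https://management.azure.com"
API = "api-version=2020-01-01"  # assumed API version for both list calls


def arm_get_all(url, token, http_get):
    """Follow ARM paging (nextLink) and return every item in 'value'."""
    items = []
    while url:
        page = http_get(url, token)
        items.extend(page.get("value", []))
        url = page.get("nextLink")
    return items


def urllib_get(url, token):
    """Default transport: one authenticated GET against ARM."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def subscriptions_by_tenant(get_token, http_get=urllib_get):
    """Return (results, failures), both keyed by tenantId.

    get_token(tenant_id) is a hypothetical callback that returns an ARM access
    token issued by that tenant; get_token(None) means the user's home tenant.
    """
    results, failures = {}, {}
    home_token = get_token(None)
    for tenant in arm_get_all(f"{ARM}/tenants?{API}", home_token, http_get):
        tid = tenant["tenantId"]
        try:
            # A token only exposes the subscriptions of the tenant that issued
            # it, so a fresh token is requested from each tenant's authority.
            token = get_token(tid)
            subs = arm_get_all(f"{ARM}/subscriptions?{API}", token, http_get)
        except Exception as exc:  # e.g. the tenant demands MFA or consent
            failures[tid] = str(exc)
            continue
        results[tid] = [s["subscriptionId"] for s in subs]
    return results, failures
```

Keeping the failures map separate makes it visible which tenants were skipped, so a partial result is not mistaken for a complete inventory.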
