etischenko

Reputation: 107

Azure AD SSO for independent App Registrations

I need to provide an SSO between two independent applications via the Azure AD SSO.

My app (A) uses Firebase as the backend and currently isn't registered in Azure AD. The second app (B) is registered in Azure AD via App Registration and I think has password-based login now (but it doesn't really matter). I can't say what technology it uses for the backend.

I've read a lot of Azure documentation but can't understand how exactly I should connect them with SSO.

I see that I can connect applications from the Enterprise Applications list. Is this the only way to do it? In this case, I need to publish my app to the Enterprise Applications gallery but it feels like an overcomplicated solution.

Upvotes: 0

Views: 589

Answers (1)

SouravMishra-MSFT

Reputation: 461

The SSO feature and experience depend on the type of auth protocol being used, and they vary based on that. Let's say your app uses OpenID Connect; then the SSO experience would be something like what is mentioned here: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-oidc-single-sign-on. If it uses SAML as the auth protocol, it looks something similar to this: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-saml-single-sign-on. And if it's using password-based SSO, then: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-password-single-sign-on-non-gallery-applications

Specifically for password-based SSO, it provides SSO by storing the credentials in the browser extension. With password-based sign-on, users sign on to the application with a username and password the first time they access it. After the first sign-on, Azure AD supplies the username and password to the application.

Password-based single sign-on uses the existing authentication process provided by the application. When you enable password single sign-on for an application, Azure AD collects and securely stores user names and passwords for the application.

Choose password-based single sign-on when:

  • An application doesn't support SAML single sign-on protocol.
  • An application authenticates with a username and password instead of access tokens and headers.

In your case, both your apps (MyApp-A and MyApp-B) need to be registered in AAD, and they should support neither SAML nor OIDC.

Upvotes: 2
