The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Active Directory!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Multi-Tenant Azure AD B2C RRS feed

  • Question

  • I'm looking at the preview of Azure B2C, wondering if it could be used for a single application being designed for multiple tenants.

    Each tenant (restaurant in our case), would want their own consumers to register and log in.

    From what I see so far in any examples is that B2C is only designed for an application that only supports a single tenant, with consumers for that single tenant.

    Can you clarify whether or not B2C can be used for multi - tenant applications, or are there any plans to support that?

    Tuesday, October 27, 2015 3:33 PM

All replies

  • Hello,

    We are researching on the query and would get back to you soon on this.

    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,
    Neelesh
    Wednesday, October 28, 2015 10:08 AM
  • Hi,

    I assume that each of your customers would want there consumer base to exist in there own B2C Azure AD Instance, again assuming that this is not a chain of restaurants because in that case surely it would make sense for a consumer to only have to sign-up once regardless of what restaurant they visit in the chain.

    I am not sure what the application looks like or what the experience is, but if the consumer accessed your application, how do you know which restaurant they are accessing your application in respect to if your able to establish this then I guess you could add logic to indicate which B2C Configuration to follow in terms of Sign In/Up policies and what B2C Azure AD Instance they need to be added to during account creation.

    If you take the .NET scenario for example, you write in to the web.config file specific details about the B2C Azure AD Instance in the AppSettings using specific keys that are prefixed with ida: (Identity and Authorization). I am no expert when it comes to application development, but if you configured different key names containing different values for each restaurant and how ever you interacted with the application that would refer to these you were able to uniquely identify that wouldn't that be sufficient?

    ## Talking out loud very high level concept ##

    James.


    Senior Escalation Engineer | Azure AD Identity & Access Management

    Thursday, October 29, 2015 6:34 AM
  • Yes, each restaurant chain would ideally have their own B2C Active Directory.

    When a restaurant chain signed up there would be some administrative data collected and centrally stored, part of which would be their own domain name, which we would add in the azure portal as a domain name registered for the app. Each restaurant chain would use their own domain name to access the app, and the program would know what restaurant chain it was by the domain name and the associated admin data.

    If I create multiple B2C directories in the Azure Portal , I could add my application to each of them, and configure each B2C directory to my liking. I can get the unique Ida:TenantID, ida:ClientID, ida:SignupPolicy, ida:SignInPolicy, and ida:UserProfilePolicy from each of them.

    When it comes to coding, I need to configure this into the OWIN pipeline, but as far as I can tell this OWIN configuration is a one time thing that executes when the program starts up, and you supply it with one ida:TenantID, one ida:ClientID, etc. I don't know how to code it to use more than one setting , or if it is possible. Assuming it is not possible, I came to the conclusion that B2C is not meant for a multi-tenant application. If it is this possible, are there any examples of how to do this, or could you point me to documentation that would explain how to do this.


    Chris Nordin


    • Edited by Chris N Thursday, October 29, 2015 4:53 PM
    Thursday, October 29, 2015 4:12 PM
  •  Not Sure if this is answered already. 

    AS of now, my though is to use a custom attribute that is Location ( you can have a mapping between the Customer's Location ID with your Restaurant's location Id that way here the locationId can be used as an Tenant. 

    Hope this will solve the scenario like this.. 

    Thanks

    Selva

     


    Selvakumar Rathinam

    Saturday, September 21, 2019 10:17 AM