Sign-in Azure web app from external Azure AD accounts

  • Question

  • Hi,

    How can we make users from an external Azure AD sign in to a web application which is hosted in another Azure? Currently, sign-in to this web application is available for user accounts from the same Azure AD. Or, put another way, is it possible to import users from an external Azure AD into my Azure AD account? I tried Azure AD B2C but I don't know if it is the suitable way or not!

    Thanks in advance,

    //M
    Friday, February 7, 2020 2:56 PM

All replies

  • What you are describing seems to be better suited for Azure AD B2B. More at https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b

    To import B2B users into your Azure AD tenant, follow https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator

    hth
    Marcin

    Friday, February 7, 2020 2:59 PM
  • Azure AAD MSDN Forum has been migrated to Microsoft Q&A. Please post your question on Microsoft Q&A AAD, so that engineers with AAD expertise can help you there. 
    Saturday, February 8, 2020 12:05 AM
  • Thanks for the reply. I checked the previous URLs and they are useful for how to add a guest user manually to an enterprise application or to Azure AD in general, but if I have a lot of users I think it is a good idea to add them programmatically. I will explain my scenario:
    I have a web application which is hosted in Azure App Service and I have done the authentication functionality for the local Azure user accounts. I want to give the external Azure AD users the ability to log in to my application by using their Azure accounts.
    I suppose these steps:
    - Create a group inside Azure AD with the permissions to log in to this application.
    - Azure AD B2B: adding the external Azure AD accounts to this group programmatically by using the Graph API (I don't know how! but it is available for Azure AD B2C)
    - The external Azure AD users can log in to my application by using their Azure accounts.

    Are the previous steps effective to solve this issue?

    Thanks in advance,

    //M

    Tuesday, February 11, 2020 11:03 AM
  • Correct - this looks like a valid approach

    hth
    Marcin

    Tuesday, February 11, 2020 11:54 AM
  • Thanks for your reply. The requirements have changed. I still have the same scenario: there is a web application which is hosted in Azure App Services and all local Azure AD users can log in with their accounts. This time I want to give the external users the ability to log in to the application, but not just by importing them. I want to develop a mini middleware (user management) where one of those external users can be an admin. This external admin can add/remove one user or a bulk of users to my web app (or Azure AD for this specific app). There is a limit to the number of users for this app and this mini user management app should help to check that!

    I am looking for the best practice to implement this scenario!

    Thanks in advance,

    //M

    Thursday, February 13, 2020 10:37 AM
  • You can grant guest users in Azure AD admin privileges

    hth
    Marcin

    Thursday, February 13, 2020 11:30 AM
  • Okay, do you mean it isn't required to develop a user management app and I can invite one external user and make this user an admin for this app, then this user can use the "Bulk invite" option or "Bulk delete" inside our Azure AD?! But in this case, how can we control the number of users or put a limit on the number of users?

    Or instead of this approach:

    What about creating "App registrations" on their side, then we can use their keys in our application, and in this case we won't add or remove any user!?

    Thanks,

    //M


    • Edited by moh85 Thursday, February 13, 2020 2:16 PM
    Thursday, February 13, 2020 1:58 PM
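
Added example (not part of any post in this thread, and not Microsoft's code): a Python example of the approach discussed above. It invites external users through the Microsoft Graph v1.0 invitations endpoint, adds them to the group that gates the application, and refuses a batch that would exceed the seat limit. The `send` transport, the `allowed_domains` check, the `FakeGraph` stand-in and all sample values are assumptions constructed for illustration.

```python
"""Added example: seat-capped B2B guest onboarding via Microsoft Graph v1.0."""
GRAPH = "https://graph.microsoft.com/v1.0"


class SeatLimitExceeded(Exception):
    pass


def onboard_guests(send, group_id, emails, seat_limit, allowed_domains, redirect_url):
    """Invite each address as a guest and add it to the app's access group.

    send(method, path, body, headers) is a caller-supplied transport (assumption)
    that performs the authenticated Graph call and returns the decoded response.
    """
    # Normalise and de-duplicate so one person cannot consume two seats.
    wanted = list(dict.fromkeys(e.strip().lower() for e in emails if e.strip()))
    # Only accept addresses from partner domains the app owner approved.
    rejected = [e for e in wanted if e.rpartition("@")[2] not in allowed_domains]
    if rejected:
        raise ValueError(f"domain not allowed: {rejected}")
    # Current membership; $count requires the ConsistencyLevel header.
    used = int(send("GET", f"/groups/{group_id}/members/$count", None,
                    {"ConsistencyLevel": "eventual"}))
    if used + len(wanted) > seat_limit:
        # Fail the whole batch before any invitation is sent.
        raise SeatLimitExceeded(f"{used} used + {len(wanted)} requested > {seat_limit}")
    added = []
    for email in wanted:
        inv = send("POST", "/invitations", {
            "invitedUserEmailAddress": email,
            "inviteRedirectUrl": redirect_url,
            "sendInvitationMessage": True}, {})
        user_id = inv["invitedUser"]["id"]
        send("POST", f"/groups/{group_id}/members/$ref",
             {"@odata.id": f"{GRAPH}/directoryObjects/{user_id}"}, {})
        added.append(user_id)
    return added


class FakeGraph:
    """Constructed offline stand-in for the tenant; records every call."""
    def __init__(self, members):
        self.members, self.calls = list(members), []

    def __call__(self, method, path, body, headers):
        self.calls.append((method, path))
        if path.endswith("/members/$count"):
            return str(len(self.members))
        if path == "/invitations":
            return {"invitedUser": {"id": "guest-" + body["invitedUserEmailAddress"]}}
        self.members.append(body["@odata.id"].rsplit("/", 1)[1])
        return None
```

The member count is eventually consistent and the check is not atomic with the adds, so run onboarding through a single worker if the seat limit has to hold strictly.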