Identity Management for Multitenant Applications in Microsoft Azure

This sample shows how to manage user identities in a multitenant application on Microsoft Azure, using Azure Active Directory for authentication.

The project consists of:

• A reference implementation of a multi-tenant SaaS application.
• Written guidance on best practices for identity management in multitenant applications on Microsoft Azure.

The written guidance reflects what we learned in the process of building the application. To get started with the application, see Running the Surveys application.

Table of Contents

• Introduction
• About the Tailspin Surveys application
• Authentication with Azure AD
  • How to authenticate users from Azure Active Directory (Azure AD), using OpenID Connect (OIDC) to authenticate
• Working with claims
• Sign-up and tenant onboarding
  • How to implement a sign-up process that allows a customer to sign up their organization for your application
• Application roles
  • How to define and manage application roles.
• Authorization
  • Role-based authorization
  • Resource-based authorization
• Securing a backend web API
  • How to use bearer tokens to authenticate calls from the web app to a backend web API.
• Caching access tokens
  • Caching OAuth2 access tokens in a web app.
• Appendixes
  • Federating with a customer's AD FS
  • Using client assertion to get access tokens from Azure AD
  • Using Key Vault to protect application secrets
  • Overview of OAuth 2 and OpenID Connect
  • Understanding ASP.NET 5 authorization handlers

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.