Forum Discussion
Azure AD - Enterprise Application - Where to deploy?
Hi Rishabh,
Thank you for the response. I just had a few followup questions if that's OK.
Our application is created as a non-gallery enterprise application which requires which requires an "Azure AD Premium P2" subscription level.
- When deploying this application into client tenants will they also require this subscription level in order to utilise the application?
- When clients install the application the https://azure.microsoft.com/en-us/pricing/details/active-directory/ cost is the host tenants installation cost, not ours?
Hello Butch,
It will be the your client/customer which will need premium license.
Since adding a non-gallery app should be available on their tenant.
If by any chance you are planning to get your app published in gallery check the below mentioned link,
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-app-gallery-listing
Regards,
Rishabh
Great info!
So, do we only need the "AD Premium" licence in our tenant to create the application (so that it has Provisioning / Single Sign On tabs). Do we need to maintain the premium licence after the applications are created?
I don't think you need a premium license.
Lets understand this step by step:-
Being an application provider you can either use Azure or you can use any other cloud solution provider or you can also host your application in your enterprise data center.
You will publish this application as per your LOB defined for different clients.
Now you want to make this applicaiton available in azure.
For that you can simply add this application in your tenant as multi-tenant application.
Click the below mentioned article to check how multi-tenant application works.https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devhowto-multi-tenant-overview
Now let's say one of your customer wants to use your application (provided that your application can handle SSO).
Then with respect to the instance of your application that you have created for your customer. (like specific endpoints/uri's).Your customer will choose the option of non-gallery application for which they need to have a premium license.
Note:- You can be any idependent application provider, all azure AD needs is a federation trust that can be established.
Regards,
RishabhYes, we are a SASS service that hosts the application. We've just completed our integration with Azure SSO via Saml2.
We don't want to have to walk our clients through setting up a non-gallery application - e.g. configuring all the SSO information / adding the permissions etc.
We're just going to have them install an instance of our preconfigured application into their tenant using https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devhowto-multi-tenant-overview#understanding-user-and-admin-consent.
If I understand you correctly, the only way to get around not having a premium licence of our own is to have our clients configure their own non-gallery application every time we on board one?