Single sign-on for different Azure apps

%3CLINGO-SUB%20id%3D%22lingo-sub-2318641%22%20slang%3D%22en-US%22%3ESingle%20sign-on%20for%20different%20Azure%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2318641%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20company%20has%202%20different%20application%20on%20different%20tenants%20and%20they%20want%20to%20use%20single%20sign-on%20with%20company%20login%20to%20these%202%20applications.%20All%20application%20has%20their%20own%20AD%20app%20registrations%20and%20they%20can%20work%20well%20seperatly.%20How%20can%20we%20build%20a%20signle%20sign-on%20system%3F%3C%2FP%3E%3CP%3ESo%20when%20they%20login%20%3CA%20href%3D%22http%3A%2F%2Fwww.company.com%2C%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ewww.company.com%2C%3C%2FA%3E%26nbsp%3Bthey%20don't%20need%20to%20login%20%3CA%20href%3D%22http%3A%2F%2Fwww.app1.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ewww.app1.com%3C%2FA%3E%26nbsp%3Band%20%3CA%20href%3D%22http%3A%2F%2Fwww.app2.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ewww.app2.com.%20%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2318641%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESSO%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2318824%22%20slang%3D%22en-US%22%3ERe%3A%20Single%20sign-on%20for%20different%20Azure%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2318824%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3EYou%20can%20configure%20your%20application%20to%20accept%20sign-ins%20from%20any%20Azure%20Active%20Directory%20(Azure%20AD)%20tenant.%20Making%20your%20application%20multi-tenant%20will%20allow%20users%20in%20any%20Azure%20AD%20tenant%20to%20be%20able%20to%20sign%20in%20to%20your%20application%20after%20consenting%20to%20use%20their%20account%20with%20your%20application.%3CBR%20%2F%3EYou%20will%20need%20to%20do%20that%20by%20updating%20your%20app%20and%20the%20link%20below%20can%20provide%20guidance%20%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fhowto-convert-app-to-be-multi-tenant%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fhowto-convert-app-to-be-multi-tenant%3C%2FA%3E%3C%2FLINGO-BODY%3E
Visitor

My company has 2 different application on different tenants and they want to use single sign-on with company login to these 2 applications. All application has their own AD app registrations and they can work well seperatly. How can we build a signle sign-on system?

So when they login www.company.com, they don't need to login www.app1.com and www.app2.com.

1 Reply

Hi
You can configure your application to accept sign-ins from any Azure Active Directory (Azure AD) tenant. Making your application multi-tenant will allow users in any Azure AD tenant to be able to sign in to your application after consenting to use their account with your application.
You will need to do that by updating your app and the link below can provide guidance :
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

Another way  would be to consider users from the other tenant  as guests and leverage  Azure AD B2B

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b