Oct 20 2021 01:44 AM
My team is developing an app using Azure native, and I would like our users to use their Microsoft account (personal or work) to register with us and be able to use the app. I was wondering if anyone could point me in the right direction on how to implement that. I am looking for documentation, a reference architecture, or something like that, not solutions.
Thanks a lot.
Oct 21 2021 08:51 AM
I have assumed that when you say Azure Native you are talking about an Azure App Service. Let me know if it is something different.
If you are deploying an Azure App Service you typically want to use OAuth or OpenID to authorize your user in the application by their AzureAD account.
To do this, you must register a new 'Application' in AzureAD. This provides the configuration to allow your Web App to authenticate and authorize your users. Against this Application Registration entry, you can create 'App Roles'. Finally, you can assign your users to these 'App Roles'. The App Roles are optional if you want to create finer-grained access levels in Azure AD.
When you configure this on your Azure App Service, you can either set it up in the portal (where every user accessing the App will first be routed to AzureAD to sign in), or you can leave your App as public access and configure an Identity Provider in your application code to protect specific portions of your site.
Shameless plug: I have a Udemy course on consuming Identity Providers if you decide to develop that within your app rather than just switching it on at the App Service resource level.
Oct 22 2021 06:49 AM - edited Oct 22 2021 06:52 AM (marked as Solution)
You can achieve this by following the same steps. While your app registration will need to be inside your own tenant, the scope of users it supports does not.
There are a few tweaks to the config, but you basically use the /common endpoints instead of your tenant endpoints. That way it will work for any Microsoft account.
Here is an example of this in action.
You can also configure this with the no-code authentication and root authorization in the App Service:
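The two answers above describe one procedure: register the app, send users to the Microsoft identity platform to sign in, and, for "any Microsoft account", use the /common endpoint instead of the tenant-specific one. The following is an added example, written for this page and not taken from either answer or from Microsoft's own libraries. It builds the v2.0 authorize URL for the chosen audience and then performs the claim checks a multi-tenant app has to do on the returned id_token, in particular the issuer check, which with /common is no longer a constant string but must be derived from the token's own `tid`. The client id, redirect URI, tenant id, and the sample token are constructed values; signature verification against the tenant's JWKS is assumed to be done by your JWT library (PyJWT, MSAL) before `validate_claims` is called, and is not shown.

```python
"""Multi-tenant sign-in with Microsoft identity platform v2.0 endpoints.

Added example for this thread, not code from the answers above.
Assumed/constructed: client id, redirect URI, tenant id, sample claims.
Signature verification against the tenant JWKS is done elsewhere.
"""
import base64
import json
import secrets
import time
from urllib.parse import urlencode

AUTHORITY_HOST = "https://login.microsoftonline.com"
# Tenant id the identity platform uses for personal Microsoft (MSA) accounts.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"


def build_authorize_url(client_id, redirect_uri, audience="common",
                        scopes=("openid", "profile", "email"),
                        state=None, nonce=None):
    """Build the /oauth2/v2.0/authorize URL (authorization-code flow).

    `audience` is the path segment that replaces the tenant id:
      "common"        -> work/school accounts in any tenant + personal accounts
      "organizations" -> work/school accounts only
      "consumers"     -> personal accounts only
      "<tenant id>"   -> that tenant only (single-tenant app)
    Returns (url, state, nonce); keep state/nonce in the session to verify later.
    """
    state = state or secrets.token_urlsafe(16)
    nonce = nonce or secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    }
    url = f"{AUTHORITY_HOST}/{audience}/oauth2/v2.0/authorize?{urlencode(params)}"
    return url, state, nonce


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def peek_claims(id_token):
    """Read the payload WITHOUT verifying the signature.

    Only used to learn `tid`, so the caller can fetch that tenant's signing
    keys and compute the expected issuer. Nothing here is trusted until the
    signature check has passed.
    """
    _header, payload, _signature = id_token.split(".")
    return json.loads(_b64url_decode(payload))


def validate_claims(claims, client_id, expected_nonce, allowed_tenants=None,
                    allow_personal=True, now=None, skew=300):
    """Claim checks for an already signature-verified v2.0 id_token.

    Returns a list of failed check names; an empty list means the token is
    acceptable. With /common the issuer varies per tenant, so it is derived
    from `tid` rather than compared with a fixed string.
    """
    now = int(time.time()) if now is None else now
    failed = []
    tid = claims.get("tid")
    if not tid:
        return ["tid"]
    if claims.get("iss") != f"{AUTHORITY_HOST}/{tid}/v2.0":
        failed.append("iss")
    if claims.get("aud") != client_id:
        failed.append("aud")
    if claims.get("ver") != "2.0":
        failed.append("ver")
    if claims.get("nonce") != expected_nonce:
        failed.append("nonce")
    if not (claims.get("nbf", 0) - skew <= now < claims.get("exp", 0) + skew):
        failed.append("time")
    if tid == MSA_TENANT_ID:
        if not allow_personal:
            failed.append("tenant")
    elif allowed_tenants is not None and tid not in allowed_tenants:
        failed.append("tenant")
    return failed


def has_app_role(claims, role):
    """App Roles assigned in the app registration arrive in the `roles` claim."""
    return role in claims.get("roles", [])


def make_sample_token(claims):
    """Constructed fixture only: an unsigned compact JWT. Real tokens are RS256-signed."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj, separators=(",", ":")).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample values (not real identifiers).
SAMPLE_TID = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
NOW = 1634860800  # 2021-10-22 00:00:00 UTC
SAMPLE_CLAIMS = {
    "iss": f"{AUTHORITY_HOST}/{SAMPLE_TID}/v2.0",
    "aud": SAMPLE_CLIENT_ID,
    "tid": SAMPLE_TID,
    "ver": "2.0",
    "nonce": "n-abc",
    "nbf": NOW - 60,
    "exp": NOW + 3600,
    "preferred_username": "alice@contoso.example",
    "roles": ["Reader"],
}

if __name__ == "__main__":
    url, _, _ = build_authorize_url(SAMPLE_CLIENT_ID, "https://app.example/auth/callback")
    print(url)
    print("failed checks:", validate_claims(SAMPLE_CLAIMS, SAMPLE_CLIENT_ID, "n-abc", now=NOW))
    print("Reader role:", has_app_role(SAMPLE_CLAIMS, "Reader"))
```

The one detail that most often goes wrong when switching from a tenant endpoint to /common is the issuer: the OIDC discovery document at /common publishes a templated issuer, so a library configured with a fixed expected issuer will reject every token (or, worse, be configured to skip the check). Deriving the expected issuer from `tid` and then applying an allowlist, as above, keeps the check strict while still accepting accounts from any tenant and from the personal-account tenant.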