Building multitenant application — Part 3: Authentication

Tai Bo
5 min read · Aug 20, 2022

In this post, I continue to share what I have learned while building a multitenant application using the Microsoft Identity framework and SQL row-level security. Specifically, I share what I learned from following the Microsoft example project and documentation to make authentication work in a multitenant environment.

First, it is helpful to distinguish between a service principal and an application object in the context of multitenancy.

Service Principal vs Application Object

An application object is the unique representation of the application, and it lives in the tenant that hosts the application (the application’s home tenant).

A service principal is created in every tenant where the app is used; the application object acts as the blueprint from which those service principals are created.

Application Registration

Making the app multitenant means allowing users from multiple Azure AD tenants to authenticate. For this to work, when registering the application in Azure you must choose either “Accounts in any organizational directory” or “Accounts in any organizational directory and personal Microsoft accounts” as the supported account type.
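As an added example (not code from the original post or from Microsoft’s sample project), here is the ASP.NET Core sign-in setup that matches a multitenant registration: the `AzureAd` section uses `organizations` as the tenant so any Azure AD tenant can authenticate, and a hypothetical `AllowedTenants` list is checked after token validation so that only tenants you actually serve get in. It assumes .NET 6 minimal hosting with implicit usings and the Microsoft.Identity.Web package.

```csharp
// Assumed appsettings.json (placeholders, not real ids):
// "AzureAd": {
//   "Instance": "https://login.microsoftonline.com/",
//   "ClientId": "<your-app-client-id>",
//   "TenantId": "organizations",   // multitenant: any work or school account
//   "CallbackPath": "/signin-oidc"
// },
// "AllowedTenants": [ "<customer-tenant-id-1>", "<customer-tenant-id-2>" ]
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using System.Security.Claims;

var builder = WebApplication.CreateBuilder(args);

// With "organizations" (or "common") as TenantId, the middleware accepts tokens
// from any Azure AD tenant; Microsoft.Identity.Web validates that the issuer
// matches the tid claim instead of a single fixed authority.
builder.Services
    .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// Accepting every tenant means every Azure AD user in the world can sign in.
// Restrict sign-in to known customer tenants by checking the tid claim after
// validation, chaining the handler Microsoft.Identity.Web already installed.
var allowedTenants = builder.Configuration.GetSection("AllowedTenants").Get<string[]>()
                     ?? Array.Empty<string>();

builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    var existingHandler = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = async context =>
    {
        await existingHandler(context);
        var tenantId = context.Principal?.FindFirst("tid")?.Value
            ?? context.Principal?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
        if (tenantId is null || !allowedTenants.Contains(tenantId, StringComparer.OrdinalIgnoreCase))
        {
            // Rejecting here fails the sign-in before any cookie is issued.
            context.Fail($"Tenant '{tenantId ?? "(none)"}' is not allowed to sign in.");
        }
    };
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (ClaimsPrincipal user) => $"Signed in as {user.Identity?.Name}")
   .RequireAuthorization();
app.Run();
```

If you choose “Accounts in any organizational directory and personal Microsoft accounts”, set `TenantId` to `common` instead; the allow-list check still applies, since personal accounts carry a fixed consumer tenant id.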

As a side note, “personal account” means a Microsoft or Xbox account, not any account at all. For instance, a user will not be able to log in with a Gmail account. One way to allow a user with another account type such as Gmail or…
