Entra ID multi-tenant architecture

Owned by Ole Kristian Aune (Unlicensed)
Last updated: Jan 05, 2024 by Mari Fuglem

The Entra ID multi-tenant architecture allows for multiple tenants (groups of users) to use the same application. You can read more about multi-tenant architecture here: https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/

 

To set up Kantega SSO Enterprise to work with a multi-tenant architecture, start by following the normal OpenID Connect setup guide for Entra ID for one of your tenants. To make the configuration work for multiple tenants, you have to make the following changes:

  1. Change your Discovery URL to use the /common endpoint instead of a specific tenant ID: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

  2. Add the URLs of the issuers you want to be able to log in with, in the Trusted Issuers. Use the following format: https://login.microsoftonline.com/{tenantID}/v2.0