Azure AD multi-tenant architecture

The Azure AD multi-tenant architecture allows for multiple tenants (groups of users) to use the same application. You can read more about multi-tenant architecture here: https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/

 

To set up Kantega SSO Enterprise to work with a multi-tenant architecture, start by following the normal OpenID Connect setup guide for Azure AD for one of your tenants. To make the configuration work for multiple tenants, you have to make the following changes:

  1. Change your Discovery URL to use the /common endpoint instead of a specific tenant ID: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

  2. Under Trusted Issuers, add the URLs of the issuers you want to be able to log in with. Use the following format: https://login.microsoftonline.com/{tenantID}/v2.0
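
With the /common discovery URL, the Trusted Issuers entries from step 2 are what decide which tenants can log in. The following is an added example, not Kantega SSO Enterprise code: it builds those entries from tenant IDs and shows one way an exact-match issuer check can work on the claims of an ID token whose signature has already been verified. The function names and tenant IDs are hypothetical.

```python
import re

# Issuer format from step 2; {tenantID} is the tenant's directory GUID.
ISSUER_FORMAT = "https://login.microsoftonline.com/{tenantID}/v2.0"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def issuer_for(tenant_id):
    """Build the Trusted Issuers entry for one tenant ID."""
    tid = tenant_id.strip().lower()
    # Reject aliases such as "common": they are endpoints, not token issuers.
    if not GUID.fullmatch(tid):
        raise ValueError(f"not a tenant GUID: {tenant_id!r}")
    return ISSUER_FORMAT.replace("{tenantID}", tid)


def is_trusted(claims, trusted_issuers):
    """Check the iss/tid claims of an already signature-verified ID token."""
    iss, tid = claims.get("iss"), claims.get("tid")
    if not isinstance(iss, str) or not isinstance(tid, str):
        return False
    # Exact string match only: no prefix, substring or wildcard comparison.
    if iss not in trusted_issuers:
        return False
    try:
        # The tid claim must name the same tenant as the issuer URL.
        return issuer_for(tid) == iss
    except ValueError:
        return False


# Constructed tenant IDs, for illustration only.
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
UNLISTED = "33333333-3333-3333-3333-333333333333"
TRUSTED = {issuer_for(TENANT_A), issuer_for(TENANT_B)}

if __name__ == "__main__":
    for tid in (TENANT_A, UNLISTED):
        claims = {"iss": ISSUER_FORMAT.replace("{tenantID}", tid), "tid": tid}
        print(tid, "accepted" if is_trusted(claims, TRUSTED) else "rejected")
```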