I am looking at building a user admin app, for fun, to see if it is possible to authenticate and manage users across multiple tenants (with each tenant only having access to their own tenant's resources except the parent).
I imagine I would be looking at using the Azure Auth Provider either in its entirety or as a starting point. Would it be possible to use something like the tenant ID and user groups to lock down the users who can log in to specific users/roles/groups within a tenant (e.g. part of a CanEditUsers Group) and also lock down the tenants who can access it?
In the User class for the Azure provider, I can see that it returns UPN, mail, but can anything else be returned? I'm guessing as a minimum I would need Tenant ID and Group IDs? Would these have to be further requests to an API endpoint instead of returned with the logged in user?
I imagine it would also be useful for businesses who manage other tenants, but in this case, I am looking at my "parent" tenant and the app also allowing access to the tenants the parent has delegated access over. In my case, I use these tenants for developing other stuff and testing things out.