Thank you, when it comes to your question. Unfortunately, I do not have any experience in this field in AWS and Google platform so I cannot provide clear and honest answer.
Yes, you can do it, however currently you will have to control this in your application code as in Microsoft Entra (at least for now) there is no feature to limit access for external tenants in multi-tenant applications.
You mentioned with the multitenant approach that there is currently no way to protect against login attempts from other tenants - there is only the possibility to verify them in the code. Is it possible to validate beforehand so as to avoid entries in enterprise applications of users who tried to log in? What are the best practices in securing applications to avoid littering the tenant?
Unfortunately, at this moment there is no way to do it efficiently. I have some updates that in the future probably there will be more constraint functionalities added on the Entra side so we do not have to implement additional validation on the code side. For now, for multi-tenant applications anyone can try to sign in and you have to take care of blocking the access.
I created. a multiteant application. Users from other tenants can log in. But also I want allow to users from my tenant to log in? How to do this? I added a .gmail account as user to my tenant but. can't log in.
You do not have to specify the version in this case. You can simply use the URL in such form: login.microsoftonline.com/{organization}/adminconsent?client_id={client-id} It will create required Service Principal/s for the applications and APIs. You can see example here in the documentation: learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#construct-the-url-for-granting-tenant-wide-admin-consent
Excellent, thanks!!
Thanks for the detailed video, just out of curiosity: is it also this complex for other IDPs (like AWS or Google)?
Thank you, when it comes to your question. Unfortunately, I do not have any experience in this field in AWS and Google platform so I cannot provide clear and honest answer.
Do you maintain a GitHub repository for the projects mentioned in your videos?
I loved the Blazor app and would like to have a copy to use for testing app registrations
hi great video and amazing explanation. but i don't understand, it is not possible to provide access only to specific tenanat (organization) ?
Yes, you can do it, however currently you will have to control this in your application code as in Microsoft Entra (at least for now) there is no feature to limit access for external tenants in multi-tenant applications.
You mentioned with the multitenant approach that there is currently no way to protect against login attempts from other tenants - there is only the possibility to verify them in the code.
Is it possible to validate beforehand so as to avoid entries in enterprise applications of users who tried to log in?
What are the best practices in securing applications to avoid littering the tenant?
Unfortunately, at this moment there is no way to do it efficiently. I have some updates that in the future probably there will be more constraint functionalities added on the Entra side so we do not have to implement additional validation on the code side. For now, for multi-tenant applications anyone can try to sign in and you have to take care of blocking the access.
Great video
God bless you man, awesome content
I created. a multiteant application. Users from other tenants can log in. But also I want allow to users from my tenant to log in? How to do this? I added a .gmail account as user to my tenant but. can't log in.
Should it use v2 endpoint for the admin consent?
You do not have to specify the version in this case. You can simply use the URL in such form:
login.microsoftonline.com/{organization}/adminconsent?client_id={client-id}
It will create required Service Principal/s for the applications and APIs. You can see example here in the documentation:
learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#construct-the-url-for-granting-tenant-wide-admin-consent
i have one big doubt can we contact through mail can you give me your mail please regarding multi-tenant
Please contact me using this email: techmindfactory@hotmail.com