Multiple identity providers for Office 365/Azure AD - azure-active-directory

We have multiple domains on our Office 365 tenant. I would like to know if it is possible to use multiple identity providers (e.g. Okta or PingIdentity) within one Office 365 tenant - one identity provider per domain. So, users in DomainA.com would authenticate using Azure AD. And users in DomainB.com would authenticate using Okta.
Has anyone tried or had any experience doing this?

Yes, it is. You can have a different IdP for each domain mapped to your Office 365 tenant.

Related

Is Federated Identity Management possible using Azure AD or Azure B2C?

Website webapp1.com has registered users with its own IdP implementation.
There are other websites such as webapp2.com, webapp3.com, webapp4.com (different domain).
A logged-in-user user1 of webapp1.com wants to do a SSO login to webapp2.com or webapp3.com or webapp4.com.
user1 has accounts in webapp2.com/webapp3.com/webapp4.com as well.
Is there a way to implement this using Azure AD or Azure AD B2C?
This is possible using PingIdentity.
https://www.pingidentity.com/en/resources/blog/posts/2021/sso-vs-federated-identity-management.html
Tried Azure AD and Azure AD B2C.
There is no documentation found how this could be done.
As long as the web apps connect to the same identity provider/s, the user will get SSO if they visit another app and pass through those same identity providers. With AAD this is the default and only behaviour. With AAD B2C this is the default behaviour, but can be restricted.

Terraform provider Azure - how to manage Identity and Access Management (Azure AD)?

Is it possible to manage users and groups using Terraform?
Operations such as MFA, user-types, Authentication methods, Registration, notification, User settings, group settings, and Device settings.
Is it possible to manage users and groups using Terraform?
Yes, you can use Terraform to integrate with Azure AD and manage users and groups in Azure AD. At the same time, Terraform supports a number of different methods for authenticating to Azure AD.
Please see:here.

Known limitations when inviting users to Dynamics 365 using Azure AD B2B

We are designing a Dynamics 365 solution for a customer that already have an existing tenant with an Azure AD that uses federation through AD-FS.
We would like to design a solution using a separate tenant and Azure AD with Dynamics 365 (online). The idea would then be that we should invite users from their tenant to "our" tenant using Azure AD B2B.
We've found that there are limitations using Unified Service Desk client and using the users own email, using this approach. Are there other known limitations?
Could this be solved in a better way, still using two separate tenants?
Microsoft states that the following features are not supported when using Azure B2B together with Dynamics 365:
Unified Service Desk client
Dynamics 365 App for Outlook
Invited users cannot perform email activity using their own email address
Office 365 Groups
Read details at link

Azure B2C. User account does not exist in tenant 'xxx' and cannot access application

We get the following error when trying to access an AAD application, which is connected to Azure B2C.
User account 'xxxxx#gmail.com' from identity provider 'live.com' does not exist in tenant 'xxxxxxxx' and cannot access the application 'xxxxxxxxxxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
The live account shows up in both the B2C and AAD as a live.com user. Manually created accounts can log in. Yet when logging in from a B2C account, I get the above error.
How can I solve this problem?
If your requirement is to accept both personal accounts in addition to corporate accounts, then you should not be using ADAL. ADAL/ADAL.JS is designed only to accept corporate accounts and use the so called Azure AD 'v1' endpoint.
Here are your options:
AppSource only requires corporate accounts sign-ins. If you only need AppSource certification, you can keep using adal.js to sign-in corporate accounts. Then what you need to do is to set your application to be multi-tenant in Azure Portal, so you don't need to add guest accounts. But, again, this option only accepts corporate account sign-ins.
If your requirement is to also accept personal accounts, then you need to use msal.js instead of adal.js - and then register your application in the new portal https://apps.dev.microsoft.com . This new application is known as converged application and uses the Azure AD v2 endpoint. To get started use this guide as a starting point to sign-in users using msal.js.

Azure B2B with SharePoint Online and Yammer

I have a scenario that I am hoping someone can assist me with. I have a requirement to build an extranet in SharePoint Online (Office 365).
We have a main Office 365 Tenant. There are 15 member organisations that need access and these DO NOT have Office 365. on premise only.
So I can use Azure B2B to grant access to SharePoint Sites no problems. I need the social aspect and Yammer Fits PERFECTLY but identities are separate.
I can create and External Yammer Network and invite users but obviously these are a separate set of credentials to that of Azure AD.
Has anyone done such a thing and is there a way to grant Azure B2B users access to an external Yammer network?
Yammer should allow you to sync with your Azure Active Directory. This should allow users to have the same logins.
Here is some information I found on this matter:
https://products.office.com/en-gb/yammer/yammer-network-administration

Resources