Federation between two mobile apps

Krish Simhadri 21 Reputation points
2022-03-01T23:58:53.72+00:00

I have two mobile apps, both integrated with Azure AD for authentication:
App a is integrated with Azure AD 1 (corporate AD)
App b is integrated with Azure AD 2 (vendor's AD)

App a users are different from App b users.
I am looking for a solution where, when an App a user logs in to the device using corporate AD credentials and then accesses App b, this user goes seamlessly into App b without authenticating again.
Any documentation or design would be very helpful.

Note: App B uses a JWT token for authenticating and maintaining the user session.


Accepted answer
AmanpreetSingh-MSFT 56,306 Reputation points
2022-03-02T11:56:17.843+00:00

Hi @Krish Simhadri • Thank you for reaching out.

I understand that you want SSO between the applications that are federated with two different Azure AD tenants. To achieve this, I can think of the below 2 options that you may consider:

1. Check if the vendor can configure App b as a multi-tenant application. In this case, when a user from the corporate AD accesses the application and accepts the consent prompt, a service principal corresponding to App b will be created in the corporate AD, and it can issue the token for both App a as well as App b. The vendor can configure the application with issuer validation to accept and perform authorization using the token issued via the corporate AD.
   Ref: Sign in any Azure Active Directory user using the multi-tenant application pattern
2. If App b cannot be configured as multi-tenant, the users from the corporate AD need to be added as external/guest users in the vendor's AD. In this case, users will be using the same credentials regardless of whether they are using App a or App b.
   Ref: Add Azure Active Directory B2B collaboration users in the Azure portal

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
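The issuer validation mentioned in option 1 is the part that is easy to get wrong: once App b is multi-tenant, Azure AD will issue it tokens from any tenant whose user consents, so App b's backend must itself decide which tenants (here, the corporate AD) it trusts. The following is an added example, not code from the question, the answer, or Microsoft; it shows the claim checks a multi-tenant backend would run on an Azure AD v2.0 token after the JWT library has verified the RS256 signature against the issuing tenant's JWKS (signature verification is assumed to have happened already and is not implemented here). The tenant ids, client id and token contents are constructed placeholders.

```python
import base64
import json
import time

# Constructed placeholder values (not from the original page).
CORPORATE_TENANT_ID = "11111111-1111-1111-1111-111111111111"  # "Azure AD 1"
OTHER_TENANT_ID = "22222222-2222-2222-2222-222222222222"      # some unrelated tenant
APP_B_CLIENT_ID = "33333333-3333-3333-3333-333333333333"      # App b's application (client) id


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_sample_token(tenant_id, audience, issued_at, lifetime=3600):
    """Construct a JWT-shaped sample token for the demo.

    Claim names follow the Azure AD v2.0 token format (iss, tid, aud, exp).
    The signature segment is a placeholder: real Azure AD tokens are RS256-signed
    and must be verified against the tenant's JWKS before any claim check runs.
    """
    header = {"typ": "JWT", "alg": "RS256", "kid": "placeholder-kid"}
    payload = {
        "iss": f"https://login.microsoftonline.com/{tenant_id}/v2.0",
        "tid": tenant_id,
        "aud": audience,
        "iat": issued_at,
        "exp": issued_at + lifetime,
        "sub": "constructed-user-object-id",
    }
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


def validate_claims(token, allowed_tenants, expected_audience, now=None):
    """Tenant allow-list, issuer, audience and expiry checks for a multi-tenant app.

    Returns (ok, reason). `allowed_tenants` is the set of tenant ids App b
    trusts; a token from any other tenant is rejected even though Azure AD
    issued it for this application.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, JSONDecodeError
        return False, "undecodable payload"

    # 1. The tenant the token came from must be one we explicitly trust.
    tid = payload.get("tid")
    if tid not in allowed_tenants:
        return False, "tenant not allowed"
    # 2. The issuer must be that tenant's own v2.0 endpoint, not just any issuer.
    if payload.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        return False, "issuer does not match tenant"
    # 3. The token must have been minted for App b, not for some other API.
    if payload.get("aud") != expected_audience:
        return False, "audience mismatch"
    # 4. Reject expired tokens.
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    issued = int(time.time())
    good = build_sample_token(CORPORATE_TENANT_ID, APP_B_CLIENT_ID, issued)
    stray = build_sample_token(OTHER_TENANT_ID, APP_B_CLIENT_ID, issued)
    print("corporate tenant:", validate_claims(good, {CORPORATE_TENANT_ID}, APP_B_CLIENT_ID))
    print("unrelated tenant:", validate_claims(stray, {CORPORATE_TENANT_ID}, APP_B_CLIENT_ID))
```

The allow-list is the design point: a multi-tenant registration is what lets the corporate user's token reach App b at all, but it is App b's own check on `tid`/`iss` that turns "any Azure AD tenant can sign in" into "only the corporate tenant can sign in". Option 2 (guest users in the vendor's AD) avoids this check entirely, because every token then comes from the vendor's single tenant.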

