Hi @Krish Simhadri • Thank you for reaching out.
I understood that you want SSO between the applications that are federated with two different Azure AD tenants. To achieve this, I can think of the below 2 options that you may consider:
- Check if the vendor can configure App b as a multi-tenant application. In this case, when a user from the corporate AD accesses the application and accepts the consent prompt, a service principal corresponding to App b will be created in the corporate AD, and it can issue the token for both App a and App b. The vendor can configure the application with issuer validation to accept and perform authorization using the token issued via the corporate AD.
  Ref: Sign in any Azure Active Directory user using the multi-tenant application pattern
- If App b cannot be configured as multi-tenant, the users from the corporate AD need to be added as external/guest users in the vendor's AD. In this case, users will be using the same credentials regardless of whether they are using App a or App b.
  Ref: Add Azure Active Directory B2B collaboration users in the Azure portal
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
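
The issuer validation mentioned in the first option, sketched as an added example (not part of the answer above and not Microsoft's or the vendor's code). It assumes App b receives v2.0 tokens and has already verified signature, audience and expiry; `validate_issuer`, the allow-list and the tenant IDs are hypothetical placeholders.

```python
import re

# Constructed placeholder tenant IDs, not real tenants.
CORPORATE_TENANT = "11111111-1111-1111-1111-111111111111"
VENDOR_TENANT = "22222222-2222-2222-2222-222222222222"
ALLOWED_TENANTS = {CORPORATE_TENANT, VENDOR_TENANT}

# Azure AD v2.0 tokens carry a per-tenant issuer of this form.
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def validate_issuer(claims, allowed_tenants=ALLOWED_TENANTS):
    """Return the tenant ID if the token's issuer is acceptable, else raise.

    `claims` must come from a token whose signature, audience and expiry
    were already verified; this function checks only the issuer.
    """
    tid = str(claims.get("tid", "")).lower()
    iss = str(claims.get("iss", ""))
    if not GUID_RE.fullmatch(tid):
        raise ValueError("missing or malformed tid claim")
    # A multi-tenant app accepts sign-ins from any tenant by default, so
    # restrict it to the tenants that were explicitly onboarded.
    if tid not in allowed_tenants:
        raise ValueError("tenant not onboarded: " + tid)
    # iss must be exactly the template filled in with the token's own tid.
    if iss != ISSUER_TEMPLATE.format(tid=tid):
        raise ValueError("iss does not match tid")
    return tid


if __name__ == "__main__":
    sample = {  # constructed claims for a corporate-AD user
        "tid": CORPORATE_TENANT,
        "iss": ISSUER_TEMPLATE.format(tid=CORPORATE_TENANT),
    }
    print("accepted tenant:", validate_issuer(sample))
```

Authorization decisions in App b can then be keyed on the returned tenant ID together with the user's object ID, since the same user name can exist in more than one tenant.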