The company I work for has a Web App that is published in the Azure AD Gallery, and now we want to add SCIM provisioning to it.
The problem I'm trying to solve is that in some scenarios a company may need access to two different instances of our Web App, using the same user.
So, in order to distinguish which instance they are provisioning to, I would need to receive a value that tells me the instance.
The idea I'm currently exploring is to register two apps inside the same tenant and retrieve some unique value depending on which App is sending the provisioning requests. If I were able to receive the Object Id or the Application Id, that would be perfect, but right now I only get the Tenant Id, which is the same for both apps.
I followed the accepted answer from here https://docs.microsoft.com/en-us/answers/questions/135345/azure-ad-custom-claims-in-access-tokens.html to try to add some specific claim, but I always get the same original claims.
Should this plan of registering two apps and sending different claim IDs work? I'm not sure if I'm doing something wrong or if there is some other, easier way to accomplish my goal. Any help is much appreciated.