I am an experienced developer with a long history of using C# and .NET and some LDAP experience. I would like to create an SaaS application using Azure best practices.
However, I find myself struggling a bit with the best practices for authentication/authorization using Azure. I would appreciate any help/links that are specific to my application's needs. I've found lots of generalized links, but these cover the topic much too broadly.
My application will (at least to start) have a single domain (e.g. https://mydomain.com/) shared by multiple separate customers each with its own users. Consider the case of two companies (Company1 and Company2). Both Company1 and Company2 would have a different set of users. Each company should be able to manage its own users and their authorizations/permissions. Neither company should be able to see or manage the other company's users. Each user should be able to change their own password. Companies would (ideally) be differentiated by a portion of the overall URL (e.g. https://mydomain.com/Company1 vs https://mydomain.com/Company2).
If I understand correctly, the best practice is to use Azure AD as an identity provider. Assuming I choose this approach, I would appreciate any advice, direction, or links discussing a scenario similar to the one described above...the more specific (and jargon-free) the better. If it's simply not possible to support this scenario, using Azure AD, alternative suggestions are also welcome.
I am a quick study, and don't mind doing the work of reading and figuring it out for myself. I am simply hoping for a little help finding a good starting point. The topic is simply covered too broadly for me to easily find one. While I wouldn't mind eventually becoming an Azure AD expert, my current needs are much more targeted.