Enable Single Sign-on for your multi-tenant application

When you offer your application for use by other companies through a purchase or subscription, you make your application available to customers within their own Azure tenants. This is known as creating a multi-tenant application. For overview of this concept, see Multitenant Applications in Azure and Tenancy in Azure Active Directory.

What is Single Sign-On

Single sign-on (SSO) adds security and convenience when users sign on to applications by using Azure Active Directory and other identities. When an application is SSO enabled, users don't have to enter separate credentials to access that application. For a full explanation of Single sign-on. See Single sign-on to applications in Azure Active Directory.

Why Enable Single Sign-on in your application?

There are many advantages to enabling SSO in your multi-tenant application. When you enable SSO for your application:

  • Your application can be listed in the Azure Marketplace, where your app is discoverable by millions of organizations using Azure Active Directory.

    • Enables customers to quickly configure the application with Azure AD.
  • Your application can be discoverable in the Office 365 App Gallery, the Office 365 App Launcher and within Microsoft Search on Office.com

  • Your application can use the Microsoft Graph REST API to access the data that drives user productivity that is available from the Microsoft Graph.

  • You reduce support costs by making it easier for your customers.

    • Application-specific documentation coproduced with the Azure AD team for our mutual customers eases adoption.
    • If one-click SSO is enabled, your customers’ IT Administrators don't have to learn how to configure your application for use in their organization.
  • You provide your customers the ability to completely manage their employee and guest identities’ authentication and authorization.

    • Placing all account management and compliance responsibility with the customer owner of those identities.

    • Providing ability to enable or disable SSO for specific identity providers, groups, or users to meet their business needs.

  • You increase your marketability and adoptability. Many large organizations require that (or aspire to) their employees have seamless SSO experiences across all applications. Making SSO easy is important.

  • You reduce end-user friction, which may increase end-user usage and increase your revenue.

How to enable Single Sign-on in your published application

  1. Choose the right federation protocol for your multi-tenant application.
  2. Implement SSO in your application
  3. Create your Azure Tenant and test your application
  4. Create and publish SSO documentation on your site.
  5. Submit your application listing and partner with Microsoft to create documentation on Microsoft’s site.
  6. Join the Microsoft Partner Network (free) and create your go to market plan.