
Enable Single Sign-on for your multi-tenant application

When you offer your application for use by other companies through a purchase or subscription, you make your application available to customers within their own Azure tenants. This is known as creating a multi-tenant application. For an overview of this concept, see Multitenant Applications in Azure and Tenancy in Azure Active Directory.

What is Single Sign-On

Single sign-on (SSO) adds security and convenience when users sign on to applications by using Azure Active Directory and other identities. When an application is SSO enabled, users don't have to enter separate credentials to access that application. For a full explanation of single sign-on, see Single sign-on to applications in Azure Active Directory.

Why Enable Single Sign-on in your application?

There are many advantages to enabling SSO in your multi-tenant application. When you enable SSO for your application:

  • Your application can be listed in the Azure Marketplace, where your app is discoverable by millions of organizations using Azure Active Directory.

    • Enables customers to quickly configure the application with Azure AD.

  • Your application can be discoverable in the Office 365 App Gallery, the Office 365 App Launcher, and within Microsoft Search on Office.com.

  • Your application can use the Microsoft Graph REST API to access the data that drives user productivity that is available from the Microsoft Graph.

  • You reduce support costs by making it easier for your customers.

    • Application-specific documentation coproduced with the Azure AD team for our mutual customers eases adoption.

    • If one-click SSO is enabled, your customers' IT Administrators don't have to learn how to configure your application for use in their organization.

  • You provide your customers the ability to completely manage their employee and guest identities' authentication and authorization.

    • Placing all account management and compliance responsibility with the customer owner of those identities.

    • Providing ability to enable or disable SSO for specific identity providers, groups, or users to meet their business needs.

  • You increase your marketability and adoptability. Many large organizations require (or aspire to ensure) that their employees have seamless SSO experiences across all applications. Making SSO easy is important.

  • You reduce end-user friction, which may increase end-user usage and increase your revenue.

How to enable Single Sign-on in your published application

  1. Choose the right federation protocol for your multi-tenant application.
  2. Implement SSO in your application.
  3. Create your Azure Tenant and test your application.
  4. Create and publish SSO documentation on your site.
  5. Submit your application listing and partner with Microsoft to create documentation on Microsoft's site.
  6. Join the Microsoft Partner Network (free) and create your go-to-market plan.