- ABP Framework version: v7.2
- UI type: Blazor WASM
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): MVC
Hi,
We have a client that wants to use AzureAD for SSO, and provisioning so their users can log into our app.
Searching in the docs for AzureAD or SSO (v7.2) does not bring up any results. I have seen some blog posts from 2020 but we are using the v7.2 framework/OpenIddict.
- Can you please point us to an example that shows what to set up in AzureAD and what to configure in ABP.io?
- Will the ABP module enable provisioning from Azure? And can you point to an example of how that is set up on both the Azure and ABP sides?
Thanks, Andrew
9 Answer(s)
-
0
hi
It has nothing to do with identity server or openiddict.
AzureAD is just an external login of ASP.NET Core.
You just need to add it to your auth server project.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/azure-active-directory/?view=aspnetcore-7.0
https://learn.microsoft.com/en-us/samples/azure-samples/active-directory-aspnetcore-webapp-openidconnect-v2/active-directory-aspnetcore-webapp-openidconnect-v2/
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-7.0
-
0
Thanks Maliming,
This whole SSO authentication is all really new for us.
We will have to work through it, so any help on what to also set up in our ABP.io for the tenant and users to make this work is appreciated.
Can user provisioning happen directly from AzureAD into our ABP.io app?
Andrew
-
0
hi
Did you check the URLs that I shared above?
-
0
Hi Maliming,
It seems that the AzureAD authentication as implemented in abp.io is not designed for multi-tenant. Users do not select a tenant on login.
They are unique in the system so their login details define their tenant.
How can we have multi-tenant, multi-AzureAD and their (SSO) login should select the tenant?
How do we provision new AzureAD users into our app in the correct tenant based on the AzureAD they were set up in?
Thanks, Andrew
-
0
hi
The external login can support multiple tenants.
Each tenant & host can have different AppId and AppSecret
https://docs.abp.io/en/commercial/latest/modules/account#install-a-new-external-login
-
0
Ok, will check that.
How do we automatically create a new tenant user in the correct tenant, when the user is added in their AzureAD?
-
0
> when the user is added in their AzureAD?
Can your app get this event and user & tenant info at the same time?
-
0
I expect it would have to be pushed from AzureAD when the user is set at that end to be able to use Azure credentials. I would expect that as it's an AzureAD-ABP.io interface there would be some configuration on the abp.io side to catch the connection from AzureAD.
https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-config-problem
-
0
hi
I'm not sure, but if Azure can make an HTTP request to the abp app then you can create an API controller to handle it.