We want to develop a multi-tenant web application where the tenants could use one or more of the following identity providers:
- Microsoft Live ID (Microsoft Account)
- Windows Azure Active Directory (WAAD)
- Office 365
- ADFS
We have evaluated ACS, and it works with all of the above identity providers. However, it is being deprecated in favor of Windows Azure Active Directory. We looked into Azure AD, and it does support creating multi-tenant applications that are backed by Azure AD / Office 365 tenants. This helps us support customers that have an Azure AD instance or Office 365.
I would like to know whether:
- Azure AD supports federation scenarios with ADFS and Microsoft Account as well?
- In the case of ADFS, will it also support SSO?
- Does Azure AD support features like Custom Login screen and Home Realm Discovery (HRD) similar to ACS?
- Will Azure AD help in supporting tenants who want to use multiple identity providers (e.g. both Microsoft Account and ADFS)?
Also, as per our application requirements, we do not want to store any tenant/customer user account details in our Azure AD instance. We would like Azure AD to take care of authentication and SSO with the identity providers mentioned above without any need to store tenant/customer info.
In the case of multitenancy, you don't need to store any info in your AAD. When a user from a new AAD tenant consents to the use of your app, a corresponding entry will appear in their own directory. HTH V.