Demonstrates the use of a single Azure AD B2C tenant as the authentication service for a SaaS application.

A SaaS application commonly uses the concept of a tenant to group users whose use of the application is totally separated from use by any other group. For example, a SaaS application may provide accounting services. Each business using the application is considered a tenant in the application. To distinguish such a tenant from Azure AD tenants, this application uses the term application tenant. (Azure AD is also a SaaS application, hence it also has the concept of a tenant.)

In this sample, an individual can either create a new application tenant or sign in to existing tenants. Each application tenant has a short name and an (optional) description. To sign in or sign up to an existing tenant, users need to provide the short name of the application tenant. After sign-in, the application receives an OpenID Connect ID token containing, among other claims, the application tenant's unique internal id (GUID), its name and the user's role (admin or member; tenant creators are automatically assigned the admin role, everybody else is a member). This data allows the application to make the appropriate authorization and data separation decisions. In this app, all the claims received in the token are displayed on this page.

This API will return a list of all members and their roles given the tenant name.
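The following added example (not code from this sample's repository) shows one way an application could use the token's tenant id, tenant name and role claims to keep the member-list API scoped to the caller's own application tenant. The claim names, the in-memory store and the rule that callers may only list their own tenant are assumptions, and the token is assumed to have been validated (signature, issuer, audience, expiry) before this code runs.

```python
from dataclasses import dataclass

# Assumed claim names; the page does not list the token's actual claim names.
TENANT_ID, TENANT_NAME, ROLE = "appTenantId", "appTenantName", "appTenantRole"
KNOWN_ROLES = {"admin", "member"}

class AuthorizationError(Exception):
    pass

@dataclass(frozen=True)
class TenantContext:
    tenant_id: str
    tenant_name: str
    role: str

def tenant_context(claims):
    """Build the caller's context from id token claims validated upstream."""
    missing = [c for c in (TENANT_ID, TENANT_NAME, ROLE) if not claims.get(c)]
    if missing:
        raise AuthorizationError(f"token lacks claims: {missing}")
    if claims[ROLE] not in KNOWN_ROLES:
        raise AuthorizationError("unknown role")  # fail closed
    return TenantContext(claims[TENANT_ID], claims[TENANT_NAME], claims[ROLE])

def list_members(ctx, requested_tenant, store):
    """Return members and roles, only for the tenant the caller signed in to."""
    if requested_tenant != ctx.tenant_name:
        raise AuthorizationError("caller is not signed in to this tenant")
    # Select rows by the id from the token, not by the caller-supplied name.
    return [(r["user"], r["role"]) for r in store if r["tenant_id"] == ctx.tenant_id]

def can_change_roles(ctx):
    """Assumed policy: only tenant admins may change membership."""
    return ctx.role == "admin"

# Constructed sample data: two application tenants in one shared store.
T1, T2 = "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000002"
STORE = [
    {"tenant_id": T1, "user": "alice", "role": "admin"},
    {"tenant_id": T1, "user": "bob", "role": "member"},
    {"tenant_id": T2, "user": "carol", "role": "admin"},
]

if __name__ == "__main__":
    bob = tenant_context({TENANT_ID: T1, TENANT_NAME: "contoso", ROLE: "member"})
    print(list_members(bob, "contoso", STORE), can_change_roles(bob))
    try:
        list_members(bob, "fabrikam", STORE)
    except AuthorizationError as e:
        print("denied:", e)
```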

Source code for this app may be found on GitHub.

For more info, email me or use the GitHub source repo comments area.