MyGroups: B2B application sample!

Based on my previous post about B2B guest access to application, I made another sample called MyGroups. I think it demonstrates practical usage of both B2B guest access, Office 365 Groups and Microsoft Graph.

MyGroups can be used to display all Office 365 Groups to which the user has been added and additionally list direct links to the group’s SharePoint site, which is something we have been in need of internally within our company.

In the HomeController, you can find the call which is being made to Microsoft Graph’s groups endpoint to get the group’s site information – it is being made in parallel to make the request shorter for the user – generally, on average, it took about 1 second to get the site details of each group.

If you would like to use the code, just go ahead and grab the source from GitHub!

Creating a multi-tenant application which supports B2B users

Since Microsoft’s Azure AD got the Business-to-Business (B2B) functionality, it has enabled a broad variety of new scenarios to be developed. It for example makes sharing various resources and information within applications much more easier. Today we are going to investigate the way to build an application which is not only a multi-tenant one, but also supports the user to be member of multiple directories.

Continue reading “Creating a multi-tenant application which supports B2B users”

Forcing reauthentication with Azure AD

While working on a project, I stumbled upon an interesting issue – how to force the user to reauthenticate in an application – for example when accessing some sensitive information? While it may seem quite straightforward from the documentation of Azure AD, it is not that simple, and if you are using prompt=login to reauthenticate the user, I quite suggest you read on.

Continue reading “Forcing reauthentication with Azure AD”

To single sign out or not to?

When building a Line Of Business (LOB) application, you are usually better off with implementing the customer’s current Identity Provider (IdP) which could be ADFS, Azure AD or some others. The benefits are clear – users use a single account for all the services, authenticate through a central point, can be more protected by conditional access policies and as a great benefit, you can leverage the existing data through Microsoft Graph for example. So while it is obvious why to use Single Sign On in your application, a little bit less discussed topic is about Single Sign Out (SLO).

Continue reading “To single sign out or not to?”