
Commit b9f5090

Author: Kalyan Krishna (committed)

Minor updates

1 parent 5ac63fa commit b9f5090

2 files changed

+18
-18
lines changed

2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md

Lines changed: 12 additions & 12 deletions
@@ -30,26 +30,26 @@ This sample shows how to build an ASP.NET Core MVC web application that uses Ope
3030

3131
It also introduces developers to the concept of
3232

33-
- Microsoft National cloud environments
3433
- Multi-tenant Azure Active Directory application
34+
- [Azure National cloud deployments](https://docs.microsoft.com/en-us/graph/deployments)
3535

36-
> :grey_exclamation: If you want to run this sample in Microsoft worldwide Cloud, navigate to the [README.md](README.md).
36+
> :grey_exclamation: If you want to run this sample in [Azure Worldwide Cloud](https://portal.azure.com/), please navigate to the [README.md](README.md).
3737
3838
### Microsoft National cloud environments
3939

4040
National clouds (aka Sovereign clouds) are physically isolated instances of Azure. These regions of Azure are designed to make sure that data residency, sovereignty, and compliance requirements are honored within geographical boundaries.
4141
In addition to the public cloud​, Azure Active Directory is deployed in the following National clouds:  
4242

43-
- Azure US Government
44-
- Azure China 21Vianet
45-
- Azure Germany
43+
- Microsoft Cloud for US Government
44+
- Microsoft Cloud Germany
45+
- Azure and Office 365 operated by 21Vianet in China
4646

4747
### Overview
4848

4949
When it comes to developing apps, developers can choose to configure their app to be either single-tenant or multi-tenant during app registration in the [Azure portal](https://portal.azure.com).
5050

5151
- `Single-tenant` apps are only available in the tenant they were registered in, also known as their home tenant.
52-
- `Multi-tenant` apps are available to users in both their home tenant and other tenants where they are provisioned.
52+
- `Multi-tenant` apps are available to users in both their home tenant and other tenants where they are provisioned. Apps that allow users to sign-in using their personal accounts that they use to sign into services like Xbox and Skype are also multi-tenant apps.
5353

5454
For more information about apps and tenancy, see [Tenancy in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/single-and-multi-tenant-apps)
5555

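Review bot: the new `Multi-tenant` bullet (line 52+) uses "sign-in" as a verb and doubles up the clause "that they use to sign into"; suggest "Apps that allow users to sign in with the personal Microsoft accounts they also use for services like Xbox and Skype are also multi-tenant apps." Separately, the intro list now says "Azure National cloud deployments" while the heading two lines below still reads "Microsoft National cloud environments"; pick one term and use it in both places.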
@@ -66,7 +66,7 @@ The application puts forward a scenario where a SaaS application invites the adm
6666
1. On the onboarding page, you will be asked to sign-in as a tenant **administrator** and accept the permissions requested in the **admin consent** screen to successfully provision the application in your tenant.
6767
1. Once you have **registered your tenant**, all users from that tenant will be able to sign-in and explore the ToDo list.
6868

69-
> :grey_exclamation: Azure Government applications can use Azure AD Government identities, but can also use Azure AD Public identities to authenticate to an application hosted in Azure Government. A multi-tenant application **will not** be accessible using Azure AD Public identities. To know more about choosing identity authority go to [choose identity authority in Azure Government](https://docs.microsoft.com/azure/azure-government/documentation-government-plan-identity#choosing-your-identity-authority).
69+
> :grey_exclamation: Azure Government applications can use Azure AD Government identities, but can also use Azure AD Public identities to authenticate to an application hosted in Azure Government. A multi-tenant application **will not** be accessible using Azure AD Public identities. To know more about choosing identity authority go to [choosing your identity authority in Azure Government](https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-plan-identity#choosing-your-identity-authority).
7070
7171
## How to run this sample
7272

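Review bot: the replacement link (line 69+) adds an `/en-us/` locale segment to the docs URL, while the Tenancy link in the previous hunk and the admin consent link later in this file stay locale-neutral; this commit therefore introduces both forms. Locale-neutral `docs.microsoft.com/azure/...` URLs let the site serve the reader's own language, so drop `en-us` here for consistency. The new link text "choosing your identity authority in Azure Government" is an improvement.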
@@ -217,7 +217,7 @@ The list of users will be presented in the **Assigned To** dropdown:
217217
This sample details the following aspects of a multi-tenant app.
218218

219219
- usage of the `/common` endpoint.
220-
- Service Principle provisioning of an app in Azure AD tenants
220+
- Service principal provisioning of an app in Azure AD tenants
221221
- Custom Token Validation to allow users from onboarded tenants only.
222222
- Data partitioning in multi-tenant apps.
223223
- Acquiring Access tokens for Microsoft Graph for each tenant.
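Review bot: the "Service Principle" to "Service principal" correction is right, and the list it sits in mixes styles: "usage of the `/common` endpoint." is lower-case with a period, while the corrected bullet and "Data partitioning in multi-tenant apps." differ in both capitalisation and terminal punctuation. While touching this list, normalise all five bullets to one style.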
@@ -239,9 +239,9 @@ services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
239239

240240
You can read about the various endpoints of the Microsoft Identity Platform [here](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
241241

242-
### Service principle provisioning for new tenants (onboarding process)
242+
### Service principal provisioning for new tenants (onboarding process)
243243

244-
For a multi-tenant app to work across tenants, its service principle will need to be provisioned in the users' tenant. It can either happen when the first user signs in, or most tenant admins only allow a tenant admin to carry out the service principle provisioning. For provisioning, we will be using the [admin consent endpoint](https://docs.microsoft.com/azure/active-directory/develop/v2-admin-consent) for the onboarding process. The code for this is provided in the `OnboardingController.cs`. The `Onboard` action and corresponding view, simulate the onboarding flow and experience.
244+
For a multi-tenant app to work across tenants, its service principal will need to be provisioned in the users' tenant. It can either happen when the first user signs in, or most tenant admins only allow a tenant admin to carry out the service principal provisioning. For provisioning, we will be using the [admin consent endpoint](https://docs.microsoft.com/azure/active-directory/develop/v2-admin-consent) for the onboarding process. The code for this is provided in the `OnboardingController.cs`. The `Onboard` action and corresponding view, simulate the onboarding flow and experience.
245245

246246
```csharp
247247
[HttpPost]
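Review bot: the corrected paragraph (line 244+) still carries the garbled middle sentence "It can either happen when the first user signs in, or most tenant admins only allow a tenant admin to carry out the service principal provisioning", which joins two unrelated clauses with "or". Suggest: "This can happen when the first user signs in, but many tenants restrict it so that only a tenant admin can provision the service principal." Also remove the stray comma in "The `Onboard` action and corresponding view, simulate".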
@@ -260,7 +260,7 @@ public IActionResult Onboard()
260260
}
261261
```
262262

263-
This results in an OAuth2 code grant request that triggers the admin consent flow and creates the service principle in the admin's tenant. The `state` parameter is used to validate the response, preventing a man-in-the-middle attack. Then, the `ProcessCode` action receives the authorization code from Azure AD and, if they appear valid, we create an entry in the application database for the new customer.
263+
This results in an OAuth2 code grant request that triggers the admin consent flow and creates the service principal in the admin's tenant. The `state` parameter is used to validate the response, preventing a man-in-the-middle attack. Then, the `ProcessCode` action receives the authorization code from Azure AD and, if they appear valid, we create an entry in the application database for the new customer.
264264

265265
The `https://graph.microsoft.com/.default` is a static scope that allows the tenant admin to consent for all permissions in one go. You can find more about static scope on [this link.](https://docs.microsoft.com/azure/active-directory/develop/v2-admin-consent#request-the-permissions-from-a-directory-admin)
266266

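Review bot: beyond the principal fix, line 263+ still says the `state` parameter prevents "a man-in-the-middle attack". `state` binds the authorization response back to the request the app issued, so what it defends against is a forged or replayed response delivered to the redirect URI (cross-site request forgery), not an on-path attacker; suggest "preventing cross-site request forgery". Since `ProcessCode` receives a single authorization code, "if it appears valid" rather than "if they appear valid".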
@@ -340,7 +340,7 @@ If you are receiving the following error message, you might need to **delete old
340340

341341
> OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'AADSTS650051: Application '{applicationId}' is requesting permissions that are either invalid or out of date.
342342
343-
If you had provisioned a service principle of this app in the past and created a new one, the tenants that had signed-in in the app might still have the previous service principle registered causing a conflict with the new one. The solution for the conflict is to delete the older service principle from each tenant in the **Enterprise Application** menu.
343+
If you had provisioned a service principal of this app in the past and created a new one, the tenants that had signed-in in the app might still have the previous service principal registered causing a conflict with the new one. The solution for the conflict is to delete the older service principal from each tenant in the **Enterprise Application** menu.
344344

345345
## Contributing
346346

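Review bot: line 343+ reads "the tenants that had signed-in in the app"; the intended phrase is "signed in to the app". Otherwise the principal corrections here match the earlier hunks and read correctly.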
2-WebApp-graph-user/2-3-Multi-Tenant/README.md

Lines changed: 6 additions & 6 deletions
@@ -33,7 +33,7 @@ This sample shows how to build an ASP.NET Core MVC web application that uses Ope
3333
When it comes to developing apps, developers can choose to configure their app to be either single-tenant or multi-tenant during app registration in the [Azure portal](https://portal.azure.com).
3434

3535
- `Single-tenant` apps are only available in the tenant they were registered in, also known as their home tenant.
36-
- `Multi-tenant` apps are available to users in both their home tenant and other tenants where they are provisioned.
36+
- `Multi-tenant` apps are available to users in both their home tenant and other tenants where they are provisioned. Apps that allow users to sign-in using their personal accounts that they use to sign into services like Xbox and Skype are also multi-tenant apps.
3737

3838
For more information about apps and tenancy, see [Tenancy in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/single-and-multi-tenant-apps)
3939

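Review bot: same wording issue as the matching hunk in README-National-Cloud.md: the new `Multi-tenant` sentence (line 36+) uses "sign-in" as a verb and repeats "that they use to sign into"; suggest "Apps that allow users to sign in with the personal Microsoft accounts they also use for services like Xbox and Skype are also multi-tenant apps." Keep the two READMEs identical here.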
@@ -193,7 +193,7 @@ The list of users will be presented in the **Assigned To** dropdown:
193193
This sample details the following aspects of a multi-tenant app.
194194

195195
- usage of the `/common` endpoint.
196-
- Service Principle provisioning of an app in Azure AD tenants
196+
- Service principal provisioning of an app in Azure AD tenants
197197
- Custom Token Validation to allow users from onboarded tenants only.
198198
- Data partitioning in multi-tenant apps.
199199
- Acquiring Access tokens for Microsoft Graph for each tenant.
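Review bot: the corrected bullet (line 196+) is fine; as in the sibling README, the five bullets in this list mix lower-case/period ("usage of the `/common` endpoint.") with capitalised/no-period styles, so normalise them in the same change.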
@@ -215,9 +215,9 @@ services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
215215

216216
You can read about the various endpoints of the Microsoft Identity Platform [here](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
217217

218-
### Service principle provisioning for new tenants (onboarding process)
218+
### Service principal provisioning for new tenants (onboarding process)
219219

220-
For a multi-tenant app to work across tenants, its service principle will need to be provisioned in the users' tenant. It can either happen when the first user signs in, or most tenant admins only allow a tenant admin to carry out the service principle provisioning. For provisioning, we will be using the [admin consent endpoint](https://docs.microsoft.com/azure/active-directory/develop/v2-admin-consent) for the onboarding process. The code for this is provided in the `OnboardingController.cs`. The `Onboard` action and corresponding view, simulate the onboarding flow and experience.
220+
For a multi-tenant app to work across tenants, its service principal will need to be provisioned in the users' tenant. It can either happen when the first user signs in, or most tenant admins only allow a tenant admin to carry out the service principal provisioning. For provisioning, we will be using the [admin consent endpoint](https://docs.microsoft.com/azure/active-directory/develop/v2-admin-consent) for the onboarding process. The code for this is provided in the `OnboardingController.cs`. The `Onboard` action and corresponding view, simulate the onboarding flow and experience.
221221

222222
```csharp
223223
[HttpPost]
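Review bot: line 220+ keeps the unclear sentence "It can either happen when the first user signs in, or most tenant admins only allow a tenant admin to carry out the service principal provisioning"; the two halves do not form an either/or. Suggest "This can happen when the first user signs in, but many tenants restrict it so that only a tenant admin can provision the service principal." and drop the comma after "corresponding view".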
@@ -236,7 +236,7 @@ public IActionResult Onboard()
236236
}
237237
```
238238

239-
This results in an OAuth2 code grant request that triggers the admin consent flow and creates the service principle in the admin's tenant. The `state` parameter is used to validate the response, preventing a man-in-the-middle attack. Then, the `ProcessCode` action receives the authorization code from Azure AD and, if they appear valid, we create an entry in the application database for the new customer.
239+
This results in an OAuth2 code grant request that triggers the admin consent flow and creates the service principal in the admin's tenant. The `state` parameter is used to validate the response, preventing a man-in-the-middle attack. Then, the `ProcessCode` action receives the authorization code from Azure AD and, if they appear valid, we create an entry in the application database for the new customer.
240240

241241
The `https://graph.microsoft.com/.default` is a static scope that allows the tenant admin to consent for all permissions in one go. You can find more about static scope on [this link.](https://docs.microsoft.com/azure/active-directory/develop/v2-admin-consent#request-the-permissions-from-a-directory-admin)
242242

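Review bot: line 239+ still attributes a man-in-the-middle defence to the `state` parameter. `state` lets `ProcessCode` check that the response it receives corresponds to a request this app issued, which is a cross-site request forgery protection on the redirect URI, not protection against an on-path attacker; suggest "preventing cross-site request forgery". Also "if it appears valid", since a single authorization code is received.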
@@ -316,7 +316,7 @@ If you are receiving the following error message, you might need to **delete old
316316

317317
> OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'AADSTS650051: Application '{applicationId}' is requesting permissions that are either invalid or out of date.
318318
319-
If you had provisioned a service principle of this app in the past and created a new one, the tenants that had signed-in in the app might still have the previous service principle registered causing a conflict with the new one. The solution for the conflict is to delete the older service principle from each tenant in the **Enterprise Application** menu.
319+
If you had provisioned a service principal of this app in the past and created a new one, the tenants that had signed-in in the app might still have the previous service principal registered causing a conflict with the new one. The solution for the conflict is to delete the older service principal from each tenant in the **Enterprise Application** menu.
320320

321321
## Contributing
322322

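Review bot: line 319+ reads "the tenants that had signed-in in the app"; use "signed in to the app". The principal corrections themselves are consistent with the rest of the commit.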