I'm looking for someone to write a step-by-step how-to guide for creating an Azure AD multi-tenant application that allows a SaaS product to use SAML to sign on our users with Azure AD.
Our application is a multi-tenant SaaS platform. We have a high level "license" and the licensed organisation creates users underneath this license. There are many licenses (each organisation has their own license).
Each organisation will have their own AD (Azure or otherwise). We will store their tenant urls (AD login/out etc).
Azure AD application details:
In order for our licensed organisations to have their staff login to our software, they will be required to install an Azure AD application (just like Dropbox for example).
The Azure AD application needs to have extensions registered that add the following attributes to the AzureAD users:
Both custom attributes are just strings.
Essentially, in order for our application to provision, we need to know the Role and sites associated with the user. Our SAML metadata includes these fields, so AzureAD needs to be configured to have these fields if our Enterprise application is installed.
No steps can be left out - we will need to validate the guide before finalising the contract.