Clarity on Identity Choices for SaaS app #62163

Closed
SeanKilleen opened this issue Sep 6, 2020 · 2 comments

Comments

@SeanKilleen
Contributor

Hi all,

Thanks for the wealth of docs! I have a question and after reading the docs, I'm still slightly confused as to the recommendation. I figured I'd ask here for guidance and then I could channel that into a PR to update the docs.

Scenario: I am building an enterprise SaaS app. I need to enable organizations to sign up and provision their users within my application. I am targeting both existing Azure AD users and Google Apps for Business users. I am initially planning to deploy one sub-domain per organization, with a separate app and database for each. (in the future, I will likely consolidate into one multi-tenant webapp, but keeping it simple at first).

In this situation, what is the appropriate choice from an Azure AD perspective?

  • Do I need to build a multi-tenant webapp for the Azure AD side of things and then treat the GSuite Business customers as an entirely separate scenario?
  • Is there an Azure AD product I can purchase that will allow me to enable different organizations, e.g. GSuite, to access my app via Azure AD services as well?
  • Am I better off using something like Auth0 to enable this overall scenario?

I feel that this is a pretty common scenario and I'd love for the docs to reflect a quick answer for someone in my position.

Thanks!


Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

@himanshusinha-msft
Contributor

Thanks for the feedback and bringing this to our notice. At this time we are reviewing the feedback and will update the document as appropriate.

@James-Hamil-MSFT
Contributor

Hi Sean, so sorry for the delay. In this scenario I would most likely create a multi-tenant application and provision users. This document shows how to configure G Suite. You can do the following with this:

  • Create users in G Suite
  • Remove users in G Suite when they do not require access anymore
  • Keep user attributes synchronized between Azure AD and G Suite
  • Provision groups and group memberships in G Suite
  • Single sign-on to G Suite (recommended)

I will continue researching and discuss with the author. Thank you for bringing this to our attention. Please let me know if you have any other suggestions!
