I've already set up Google Auth for SSO with my webapp. This was in Django app using python-social-auth. This Django app had the ability to add azure ad integration and this worked.
Well it worked for users created under a directory. However it wouldn't work for users under any other ones. I looked around and it seems to want to create a new directory/application for every copmany that uses this services to sign in.
(PS realise this might be closed as too broad but I tried to pare it down to the essential core here)
My question comes down to, can I authenticate Azure AD users in my 3rd party website without them having preregistered my site as an allowable source by their admin? Is there any functionality/setting/service in Azure AD that allows that?
can I authenticate Azure AD users in my 3rd party website without them having preregistered my site as an allowable source by their admin? Is there any functionality/setting/service in Azure AD that allows that?
As a matter of fact this is a general authentication related question, but the answer is no. Based on my understanding, users need to configure their app as a multi-tenant application and have the admin/user of the other tenant give consent depending on what permissions are needed. I would like to suggest you to check https://msdn.microsoft.com/en-us/library/azure/dn132599.aspx for the details of how to add, update, or remove an application in Azure Active Directory (Azure AD), it shows the different types of applications that can be integrated with Azure AD as well.