Tags: azure, azure-active-directory, microsoft-graph-api, azure-ad-b2b

Getting all B2B directories a user is a member of


Since we have Azure AD's B2B feature in GA, I am curious how to make use of B2B in multi-tenant applications. More specifically, how to get a list of directories which the user is a member of? For example, the Azure Portal does this by calling https://portal.azure.com/AzureHubs/api/tenants/List, and Microsoft's My Apps calls https://account.activedirectory.windowsazure.com/responsive/multidirectoryinfo to get the information. Is there a public endpoint for this?

The use case is to enable B2B cooperation across a multi-tenant application which is provisioned in each user's directory so they have their own instances, but there is no way to centrally pull the information about the user's directories.

A simple workaround would be to query all tenants which have the application provisioned for the user's UPN and if found, display it in the list, but imagine if there were hundreds of tenants... I believe that this is quite crucial for app developers who want to leverage the B2B functions in multi-tenant applications.

Update: It seems like there is a way to do this by accessing the Azure Service Management API; however, this API and method are undocumented, and I suppose that if any issues occurred, Microsoft would say that it is not a supported scenario.

Update 2: I wrote an article about the whole setup, including a sample project showing how to make use of this in a scenario. It can be found here: https://hajekj.net/2017/07/24/creating-a-multi-tenant-application-which-supports-b2b-users/


Solution

  • There is a publicly documented Azure Management API that allows you to do this: https://learn.microsoft.com/en-us/rest/api/resources/tenants

    GET https://management.azure.com/tenants?api-version=2016-06-01 HTTP/1.1
    Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz...
    ...
    

    The response body looks something like this:

    {
        "value" : [{
                "id" : "/tenants/d765d508-7139-4851-b9c5-74d6dbb1edf0",
                "tenantId" : "d765d508-7139-4851-b9c5-74d6dbb1edf0"
            }, {
                "id" : "/tenants/845415f3-7a05-45c2-8376-ee67080661e2",
                "tenantId" : "845415f3-7a05-45c2-8376-ee67080661e2"
            }, {
                "id" : "/tenants/97bcb93f-8dee-48ed-afa3-356ba40f3a61",
                "tenantId" : "97bcb93f-8dee-48ed-afa3-356ba40f3a61"
            }
        ]
    }
    

    The resource for which you need to acquire an access token is https://management.azure.com/ (with the trailing slash!).
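An added example (not part of the original answer) of consuming this endpoint defensively: the bearer token is attached only to URLs on the ARM host, and every returned entry is checked for a well-formed tenant GUID before it is used anywhere else, such as in an authority URL. The `fetch` callable is a hypothetical injection point for the HTTP call, and the `nextLink` paging field is an assumption about ARM list responses that the sample response above does not show.

```python
import json
import re
import urllib.request

ARM = "https://management.azure.com/"   # token resource named in the answer
TENANTS_URL = ARM + "tenants?api-version=2016-06-01"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

# Response body copied from the answer above.
SAMPLE_BODY = """{"value": [
 {"id": "/tenants/d765d508-7139-4851-b9c5-74d6dbb1edf0",
  "tenantId": "d765d508-7139-4851-b9c5-74d6dbb1edf0"},
 {"id": "/tenants/845415f3-7a05-45c2-8376-ee67080661e2",
  "tenantId": "845415f3-7a05-45c2-8376-ee67080661e2"},
 {"id": "/tenants/97bcb93f-8dee-48ed-afa3-356ba40f3a61",
  "tenantId": "97bcb93f-8dee-48ed-afa3-356ba40f3a61"}
]}"""

def build_request(access_token, url=TENANTS_URL):
    """Attach the bearer token only to URLs on the ARM host."""
    if not url.startswith(ARM):
        raise ValueError("refusing to send ARM token to %r" % url)
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token})

def parse_tenants(body):
    """Return (tenant_ids, next_link); reject malformed entries."""
    doc = json.loads(body)
    ids = []
    for entry in doc.get("value", []):
        tid = str(entry.get("tenantId", "")).lower()
        if (not GUID.fullmatch(tid)
                or str(entry.get("id", "")).lower() != "/tenants/" + tid):
            raise ValueError("malformed tenant entry: %r" % (entry,))
        ids.append(tid)
    # nextLink: assumed ARM paging field, absent from the sample response
    return ids, doc.get("nextLink")

def list_tenants(access_token, fetch):
    """fetch(request) -> body text; hypothetical hook for the HTTP call."""
    url, seen = TENANTS_URL, []
    while url:
        ids, url = parse_tenants(fetch(build_request(access_token, url)))
        seen.extend(t for t in ids if t not in seen)
    return seen

if __name__ == "__main__":
    print(list_tenants("<access-token>", lambda req: SAMPLE_BODY))
```

In a real client, `fetch` would wrap `urllib.request.urlopen` and decode the response body; the tenant IDs returned can then be intersected with the tenants where the application is provisioned.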