Azure Authentication with Multi-Tenant Application

Overview

Lab

Lab Environment

Register Application

Setup Enterprise App in Tenant B

Connect-AzAccount -TenantId <tenant B>
Set-AzContext Active-02-27
New-AzADServicePrincipal -ApplicationId <appId for multi-tenant app registration from tenant A>
New-AzRoleAssignment -ObjectId <object Id for enterprise app multi-tenant in tenant B> -ResourceGroupName cloud-shell-storage-eastus -RoleDefinitionName "Storage Blob Data Reader"

Access Resource in Other Tenant

az login --service-principal -u <application id> -p "xyz" -t <tenant B id>
az storage blob download --auth-mode login --account-name <storage account name> -c test-multi-tenant -f c:\users\rquan\mydownload.txt -n test-file.txt
Finished[#############################################################] 100.0000%
{
....
C:\Users\rquan>type mydownload.txt
test
test
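# Application (client) ID of the multi-tenant app registration and its client secret
$appId = "<application id>"
$secret = ConvertTo-SecureString -String "xyz" -AsPlainText -Force

# Sign in to tenant B as the service principal
$pscredential = New-Object -TypeName System.Management.Automation.PSCredential($appId, $secret)
Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant <tenant B Id>

# Use the signed-in identity (Azure AD auth, not an account key) to download the blob
$ctx = New-AzStorageContext -StorageAccountName <storage account name> -UseConnectedAccount
Get-AzStorageBlob -Container test-multi-tenant -Blob test-file.txt -Context $ctx | Get-AzStorageBlobContent -Force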
PS C:\Users\rquan> dir test-file.txt

    Directory: C:\Users\rquan

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         3/13/2021  11:46 PM             10 test-file.txt

Conclusion

References
