
Organizations building applications on the .NET platform often serve multiple customers (tenants) through a single application instance. Each tenant may represent a different company, business unit, or client, with its own users, identity providers, and access requirements.

In such multi-tenant environments, managing authentication becomes complex: each tenant may require separate login configurations, branding, and identity provider integrations such as Microsoft Azure Active Directory, Okta, ADFS, or Google Workspace.

While modern .NET frameworks support authentication mechanisms, they lack built-in support for dynamic tenant-based authentication routing and centralized tenant management.

miniOrange addresses this by acting as a centralized identity orchestration layer, enabling .NET applications to support tenant-aware authentication, where each tenant can have its own IDP, login experience, and access policies, all managed from a single platform.

The organization:

  • Runs one or more .NET / ASP.NET / ASP.NET Core applications.
  • Serves multiple customers (tenants) from a single application.
  • Requires tenant-specific authentication configurations.
  • Uses different IDPs per tenant (Azure AD, Okta, Google, etc.)
  • Wants to avoid building custom tenant-based authentication logic.
  • Needs scalable onboarding of new tenants.

Business Challenges

  • Difficulty managing multiple customer organizations within one application.
  • Poor user experience due to non-personalized login flows.
  • Increased onboarding time for new tenants.
  • Lack of tenant-specific branding and identity experience.
  • High support overhead due to login confusion.

Technical Challenges

  • No built-in tenant identification and routing in .NET authentication.
  • Complex configuration for multiple tenant-IDP mappings.
  • Difficulty maintaining separate authentication flows per tenant.
  • Challenges in enforcing tenant-specific access policies.
  • Increased code complexity and maintenance effort.

miniOrange enables Multi-Tenant SSO for .NET applications by introducing a centralized identity layer that dynamically identifies tenants and routes authentication accordingly.

1. Tenant-Aware Authentication Routing

  • Identify tenants using domain, subdomain, email, or tenant ID.
  • Automatically route users to the correct IDP.
  • Support multiple IDPs across different tenants.
  • Eliminate manual login selection for users.

2. Centralized Tenant Management

  • Configure authentication settings per tenant from a single dashboard.
  • Manage metadata, certificates, and endpoints per tenant.
  • Enable tenant-specific branding (logos, login pages).
  • Add or update tenants without changing application code.

3. Scalable & Secure Architecture

  • Quickly onboard new tenants with minimal effort.
  • Enforce tenant-specific policies (MFA, session rules, etc.).
  • Maintain strict tenant isolation and secure access.
  • Designed for SaaS and enterprise multi-tenant environments.

Meet a SaaS-based project management application built on .NET that serves multiple companies (tenants). Each tenant has its own users and identity provider.

Tenant 1: Acme Corporation (Azure AD)

Michael, an employee at Acme Corporation, accesses the application via acme.app.com.

Authentication Flow:

  1. Michael enters the application URL.
  2. The application redirects him to miniOrange.
  3. miniOrange identifies the tenant using the subdomain (acme).
  4. Michael is redirected to Azure AD for authentication.
  5. He logs in and completes MFA.
  6. Azure AD sends the authentication response to miniOrange.
  7. miniOrange validates the response and logs Michael into the application.
  8. Tenant-specific roles such as Project_Manager are assigned.

Outcome:

Michael accesses Acme Corporation’s projects, dashboards, and internal data only.

Tenant 2: Beta Solutions (Okta)

Emily, a user from Beta Solutions, logs in via beta.app.com.

Authentication Flow:

  1. Emily accesses the application.
  2. miniOrange detects the tenant (beta).
  3. She is redirected to Okta for authentication.
  4. After successful login, Okta sends the response to miniOrange.
  5. miniOrange validates and logs her into the application.
  6. Roles such as Client_User are mapped.

Outcome:

Emily accesses only Beta Solutions’ data and resources.

Tenant 3: Gamma Technologies (Google Workspace)

David, from Gamma Technologies, logs in using his company email.

Authentication Flow:

  1. David enters his email on the login page.
  2. miniOrange identifies the tenant based on the email domain.
  3. miniOrange redirects him to Google Workspace.
  4. After authentication, Google sends the response to miniOrange.
  5. miniOrange validates and logs him into the application.
  6. Tenant-specific roles are assigned.

Outcome:

David accesses Gamma Technologies’ environment with complete data isolation.
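
The three flows above depend on two checks: resolving the tenant from the subdomain or email domain, and confirming that the IdP response comes from the issuer configured for that same tenant. The C# sketch below is an added example, not miniOrange's code or API; the type and method names, the tenant registry, the `gamma.example` email domain and the issuer URLs are all constructed assumptions.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; not part of any miniOrange SDK.
record Tenant(string Id, string IdpIssuer);

static class TenantRouter
{
    const string BaseDomain = ".app.com"; // base domain from the page's scenario
    // Constructed registry; issuer values are placeholders, not real IdP identifiers.
    static readonly Dictionary<string, Tenant> BySubdomain = new(StringComparer.OrdinalIgnoreCase)
    {
        ["acme"] = new Tenant("acme", "https://idp.example/acme-azure-ad"),
        ["beta"] = new Tenant("beta", "https://idp.example/beta-okta"),
    };
    static readonly Dictionary<string, Tenant> ByEmailDomain = new(StringComparer.OrdinalIgnoreCase)
    {
        ["gamma.example"] = new Tenant("gamma", "https://idp.example/gamma-google"),
    };

    // Host name without port: exactly one allow-listed label in front of the base domain.
    public static Tenant? FromHost(string host)
    {
        if (!host.EndsWith(BaseDomain, StringComparison.OrdinalIgnoreCase)) return null;
        string label = host[..^BaseDomain.Length];
        if (label.Length == 0 || label.Contains('.')) return null;
        return BySubdomain.TryGetValue(label, out var t) ? t : null;
    }

    // Email: take the text after the last '@' and require an exact domain match.
    public static Tenant? FromEmail(string email)
    {
        int at = email.LastIndexOf('@');
        if (at <= 0 || at == email.Length - 1) return null;
        return ByEmailDomain.TryGetValue(email[(at + 1)..], out var t) ? t : null;
    }

    // Bind the IdP response to the tenant that was resolved before the redirect.
    public static bool IssuerMatches(Tenant tenant, string responseIssuer) =>
        string.Equals(tenant.IdpIssuer, responseIssuer, StringComparison.Ordinal);

    static void Main()
    {
        var acme = FromHost("acme.app.com")!;
        Console.WriteLine(acme.Id);
        Console.WriteLine(FromHost("acme.app.com.other.example") is null);
        Console.WriteLine(FromEmail("david@gamma.example")?.Id);
        Console.WriteLine(IssuerMatches(acme, "https://idp.example/beta-okta"));
    }
}
```

Every lookup fails closed: an unknown host, a nested subdomain, or a response from another tenant's issuer yields no tenant or a failed match rather than a default.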

After implementing Multi-Tenant SSO in .NET applications, organizations achieve:

  • Seamless and personalized login experience for each tenant.
  • Faster onboarding of new customers without code changes.
  • Reduced support tickets and login confusion.
  • Centralized control over tenant authentication and policies.
  • Strong data isolation and enhanced security.
  • A scalable identity architecture for SaaS growth.
