microsoft graph api - Azure Log Analytics from multiple tenants

Question

I'm building a C# MVC webapp. The plan is:

1. First time user creates a custom account
2. When logged in, add a tenant with Microsoft OAuth2, agree to permissions
3. The webapp aggregates pre-configured Log Analytics items for each user's onboarded tenants.

How do I handle multitenant onboarding, where one user supplies multiple tenant accounts?

How do I authenticate and authorise once and call Azure APIs forever?

Answer 1

Multi-tenant mentioned by @StanleyGong should make sense.

In this case, you can add your account as guest user to the multiple tenants, assign RBAC roles to give the user access to the Azure Log Analytics.

Configure the authority as https://login.microsoftonline.com/{tenant-id} for multiple tenants in a configuration file. When you sign in with this account, choose different tenant based on different {tenant-id}.

You cannot sign in once to access to all the Azure Log Analytics data from all tenants. And you also can't authenticate and authorize once and call Azure APIs forever. Access token has lifetime. After it expires, you should re-authenticate.