We want to support Office 365 customers with organizational account (type 2 as shown in REST API docs - http://msdn.microsoft.com/office/office365/APi/discovery-service-rest-operations). We basically followed these steps:
- Subscribe to O365 with organizational account (developer preview trial in our case).
- Create our own application in Azure AD managing our O365 organization.
- Configure end-points and other application settings in Azure AD.
- Integrate and test the actual non-Azure service on our side which is consuming Azure AD and O365 APIs.
What we have found during tests is that users from different organizations cannot authorize our application to access their data. It simply fails, they don’t even have the option. On the other hand, users from our organization are not presented with anything.
I understand that principle behind this is that admins are responsible for allowing applications that users in their organization can use. But how can users or admins from different organizations use our application?
We know there is an application directory for Azure AD. But it seems like rather brutal approach to what is fairly straight forward elsewhere - including Microsoft's own Live and O365 services consumed by Microsoft account (type 1 as shown in REST API docs).
Therefore, we wonder whether there is something we are missing? Some settings in application manifests? Some process which we must undertake to be verified as a trusted developer/application?