I have been reading the documentation on authentication for multi-tenant applications (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devhowto-multi-tenant-overview) and have the following additional questions:
- In the multi-tenant scenario, is the customer admin not able to "add" the provider application by using the Non-Gallery option in Enterprise Apps? Or is the only way to have the customer admin do the initial consent?
- Once the customer has the app in their AAD, can it be added to the /myapps page for users in their directory?
- How is the multi-tenant scenario impacted by using B2B? When using B2B, when a customer account is invited, an account gets created for them of type "Guest" in the inviting directory (where the app lives). Can this "Guest" account be used to access the application via the registration that is in the directory hosting the application?
- What about the scenario where a Web App (UI) that is registered is accessing Function Apps? Do the Function Apps need to be registered as well?