I have multiple apps registered with azure AD including UI/API. User attributes contains "customer id", "role" for permissions to the applications. Each user has value for "customer Id" in user attribute, this is returned in access token for customer specific data. => a user for one customer.
updated scenario: "user a" is an admin for "customerA", also same "user a" needs to be manager role for "customer b". => a user for multiple customers.
how to handle this - provided customerid extracted from token ? On UI user should be able to switch from customer to another.
to try I have created table in own database for this, and it will require me re-write all the api to not extract customer id from token, but depend on UI/API.
any alternative suggestion ?