I have a multi-tenant .NET Core 3.1 web application with SSO functionality. Each tenant may optionally use Azure AD to sign in users, and each tenant using Azure AD must be
