"Use a tenant-specific endpoint or configure the application to be multi-tenant" when signing into my Azure website "Use a tenant-specific endpoint or configure the application to be multi-tenant" when signing into my Azure website azure azure

"Use a tenant-specific endpoint or configure the application to be multi-tenant" when signing into my Azure website


azure azure-active-directory azure-web-app-service

If you are an Azure administrator getting this message, it may be for the the exact reason that is listed in the error message - you can not use the common API endpoint to MSFT logins to tenant-specific applications.

In my case, I was configuring an app registration with sample code - the sample code needed to be modified with a new endpoint. I.e the following line:

let kAuthority = "https://login.microsoftonline.com/common"

needed to be changed to:

let kAuthority = "https://login.microsoftonline.com/MY_TENANT_NAME"

The tenant name for your Azure organization can be obtained by typing "Tenant Status" into the Azure search bar.

Xamarin: The above note worked for MSAL iOS - for Xamarin MSAL Android/iOS, there was no direct way to set the authority in the main call. It needs to be chained to the interactive login call.

E.g., the sample code here: 

authResult = await App.PCA.AcquireTokenInteractive(App.Scopes)                      .WithParentActivityOrWindow(App.ParentWindow)                      .ExecuteAsync();

Needs to be changed to this: 

authResult = await App.PCA.AcquireTokenInteractive(App.Scopes)                      .WithAuthority("https://login.microsoftonline.com/YOUR_TENANT_NAME")                      .WithParentActivityOrWindow(App.ParentWindow)                      .ExecuteAsync();

azure azure-active-directory azure-web-app-service

It turns out that my account was not actually on Azure AD, so I needed to check "Accounts in any organizational directory" under "Supported account types" on portal.azure.com

Specifically: portal.azure.com > Azure Active Directory > App registrations (preview) > Your App > Authentication > Supported account types > Accounts in any organizational directory

azure azure-active-directory azure-web-app-service

Enable multi-tenant using the below option in azure.

portal.azure.com -> Azure Active Directory -> App registrations -> Select Your App -> Authentication -> Supported account types -> Accounts in any organizational directory (Any Azure AD directory - Multitenant)

this should be enabled when you want to allow public users.

enter image description here

If you are want to authorize the user into organization level(Private Users). Use the below option.

let authUrl = "https://login.microsoftonline.com/common"

change like below:

let authUrl= "https://login.microsoftonline.com/MY_TENANT_NAME"

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last