Multi-tenant API app configuration issue

Question

I have web app in tenant1 and multi-tenant api app in tenant2; trying to configure web app's access to api app using the "Required Permissions" blade. The api app doesn't show in the "Select an API" blade.

Is there anything special I need to do while creating the multi-tenant app definition besides marking YES for multi-tenancy?

Answer 1

Before you can see your Multi-Tenant Web API in an external tenant, you must first provision a service principal for that application into the external tenant.

The easiest way to do this is to simply log into the Web API, which will cause a consent screen to pop up, and by consenting to the app, a service principal will be created.

From that point, the Application Portal will find your Multi-Tenant Web API, and show the permissions you register on the main application object in the main tenant.

To 'log in' to the app, all you need to do is have someone navigate to a login page with your application's configuration in the url:

https://login.microsoftonline.com/<Tenant1ID>/oauth2/authorize?client_id=<AppID>&response_type=code&redirect_uri=<RedirectURI>&prompt=consent

I also specifically added a prompt=consent query string to make sure that the consent dialogue is presented to you.

Let me know if this helps

EDIT: Note that you should search for your app in the Azure Portal using the Application's display name.