Eng Soon Cheah
Reputation: 257
Multi-tenant issue in Microsoft Graph
Currently, I developing Microsoft ChatBot that needs login via Microsoft Graph.
After I log in the error display as below.
Upvotes: 0
Views: 175
Answers (1)
Philippe Signoret
Reputation: 14336
When you registered your app, you chose one of three supported account types:
- Accounts in this organizational directory only (i.e. one Azure AD tenant only)
- Accounts in any organizational directory (i.e. any Azure AD tenant)
- Accounts in any organizational directory and personal Microsoft accounts (i.e. any Azure AD tenant and any personal Microsoft account)
If you chose the first option, your app is not considered "multi-tenant", and you cannot use the "common" endpoint, as the error message indicates. You have two options here:
- If your application is to be used by users from multiple organizations, change the intended audience to "Accounts in any organizational directory" (Azure portal > Azure Active Directory > App registrations > Authentication).
- If your application is only intended to be used by one organization, then update your code to use the tenant-specific endpoint (i.e.
https://login.microsoftonline.com/{tenant-id}/..., instead ofhttps://login.microsoftonline.com/common/...).
Upvotes: 3
Related Questions
- Microsoft Graph Toolkit: "Use a tenant-specific endpoint"
- MS Graph API permission for multiple tenant
- Error 7505 - Request Authorization Tenant Mismatch
- Web API manages different tenants using Microsoft Graph API
- How to Use Microsoft Graph in a Multi-Tenant environment?
- Microsoft Graph API: Getting ErrorAccessDenied for multi-tenant application with application permission
- Multi Tenant Access to Microsoft Graph API's with single app registration?
- Microsoft Graph API Multi tenant App-only auth scheme
- Multi tenant support for Microsoft Graph API
- Azure Graph API: authorize application on multiple tenants