Reputation: 45
I have multiple mailboxes with multiple tenants. I am wondering if I can access the Graph APIs through a single app registration?
Upvotes: 1
Views: 1119
Reputation: 16498
Yes. You could do that.
Register your Azure AD app as multi-tenant. You need to choose "Accounts in any organizational directory".
And you need to implement Get access without a user and use Application permission to access the mailboxes. The most important thing is to get administrator consent for each tenant.
We assume that this app is registered in TenantA. Now you want to access a mailbox in TenantB. Then you should do admin consent like this: access the following URL in a browser.
https://login.microsoftonline.com/{TenantB}/adminconsent
?client_id={client id of registered app in TenantA}
&state=12345
&redirect_uri={redirect_uri of registered app in TenantA}
Log in with an admin account of TenantB to do the admin consent for TenantB.
After that you could Get an access token for TenantB to access your mailbox in TenantB.
Upvotes: 1
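The consent and token steps from the answer above, as an added example that is not part of the original answer: it builds the per-tenant admin consent URL with a random `state`, validates the redirect that comes back, and prepares the client-credentials token request for that tenant. The function names are hypothetical, tenants are assumed to be passed as GUIDs, and the redirect parameters (`admin_consent`, `tenant`, `state`, `error`) are those the Microsoft identity platform documents for the admin consent endpoint.

```python
# Added example: per-tenant admin consent and app-only token request.
# All tenant IDs, client IDs, secrets and URIs passed in are the caller's own.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"  # application permissions granted by consent


def admin_consent_url(tenant, client_id, redirect_uri, state=None):
    """Return (url, state) for the page a tenant admin opens to grant consent."""
    state = state or secrets.token_urlsafe(16)  # unpredictable value, stored per request
    query = urlencode({"client_id": client_id, "state": state,
                       "redirect_uri": redirect_uri})
    return f"{AUTHORITY}/{tenant}/adminconsent?{query}", state


def check_consent_redirect(redirect_url, expected_tenant, expected_state):
    """Validate the query string appended to redirect_uri after consent."""
    q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
    if "error" in q:
        raise ValueError(f"consent failed: {q['error']}")
    if not secrets.compare_digest(q.get("state", "").encode(),
                                  expected_state.encode()):
        raise ValueError("state mismatch: response is not tied to our request")
    if q.get("tenant", "").lower() != expected_tenant.lower():
        raise ValueError("consent was granted in a different tenant")
    return q.get("admin_consent", "").lower() == "true"


def token_request(tenant, client_id, client_secret):
    """Return (url, form_data) for the client-credentials POST for one tenant."""
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    data = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": GRAPH_SCOPE}
    return url, data


if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    tenant_b = "22222222-2222-2222-2222-222222222222"
    app_id = "11111111-1111-1111-1111-111111111111"
    url, state = admin_consent_url(tenant_b, app_id, "https://app.example/consent")
    print(url)
    back = f"https://app.example/consent?admin_consent=True&tenant={tenant_b}&state={state}"
    print("consented:", check_consent_redirect(back, tenant_b, state))
    print(token_request(tenant_b, app_id, "<client-secret>")[0])
```

The token request is issued once per tenant, against that tenant's own endpoint, and only after `check_consent_redirect` has returned `True` for it.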