Shariq Nawaz

Reputation: 31

How to access resources in one tenant from another tenant in Azure?

I have tenant-1, that has the entire infrastructure for my application web-1 (db, virtual n/w, sites etc).

I have a requirement to perform app registration for web-1 in tenant-2 & then try to access the resources. Is this even possible?

Right now, I get a 401 Unauthorized error when I register the app in tenant-2 and try to access the underlying resources in tenant-1 from tenant-2.

Do I need to make the app multi-tenant? Is there any alternative?

Upvotes: 0

Views: 2028

Answers (1)

LarryX

Reputation: 641

Yes, app registration essentially creates a service principal that you can use for RBAC. You may have missed a step to assign some roles to the registered app in tenant-2?

If your app is already registered in tenant-1, you will need to create an enterprise app in tenant-2 and use federation to connect them.

Update:

Added links for App registration and Enterprise Application: https://www.nathannellans.com/post/app-registrations-enterprise-apps-and-service-principals

Multi-tenant application: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

Application, AAD & Service Principal: https://endjin.com/blog/2019/01/managing-applications-using-azure-ad-service-principals-and-managed-identities

Upvotes: 1
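
A diagnostic for the 401 described in the question, as an added example that is not part of the original post or answer: it decodes the access token's payload and compares its `tid` (issuing tenant) and `aud` (audience) claims with what the resource side expects. The tenant IDs, audience URI and function names are constructed for illustration, and it assumes the resource only accepts tokens issued by its own tenant.

```python
import base64
import json

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "sig"])

def jwt_claims(token):
    """Decode the payload only. No signature check: diagnostics, not auth."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def diagnose_401(token, resource_tenant_id, expected_audience):
    """Return the claim mismatches that would make the resource reject the token."""
    c = jwt_claims(token)
    findings = []
    if c.get("tid") != resource_tenant_id:
        findings.append(f"tid: token issued by tenant {c.get('tid')}, "
                        f"resource trusts {resource_tenant_id}")
    if c.get("aud") != expected_audience:
        findings.append(f"aud: token is for {c.get('aud')}, "
                        f"resource expects {expected_audience}")
    return findings

# Constructed sample values (assumptions, not taken from the post).
TENANT_1 = "11111111-1111-1111-1111-111111111111"  # hosts the resources
TENANT_2 = "22222222-2222-2222-2222-222222222222"  # holds the app registration
AUDIENCE = "api://web-1-example"                   # hypothetical resource audience

wrong_tenant = make_sample_token({"tid": TENANT_2, "aud": AUDIENCE})
right_tenant = make_sample_token({"tid": TENANT_1, "aud": AUDIENCE})

if __name__ == "__main__":
    for name, tok in [("wrong_tenant", wrong_tenant), ("right_tenant", right_tenant)]:
        print(name, diagnose_401(tok, TENANT_1, AUDIENCE) or "claims look consistent")
```

Matching claims only rule out a tenant or audience mismatch; the role assignment mentioned in the answer is a separate check on the service principal.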
