Reputation: 161
I have a SAML SSO setup made for an Active Directory. I have another tenant which contains an App Service web app that tries to authenticate using the SAML connection details. I'm getting:
AADSTS700016: Application with identifier was not found in the directory . This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
Isn't it possible to authenticate users from an AD for multiple applications from different tenants using SAML SSO?
Upvotes: 0
Views: 3910
Reputation: 474
External users won't be able to log in to a single-tenant application. These users would need to exist in the same tenant.
Make your app multi-tenant as per rbrayb.
For an application that has its own account system, or supports other kinds of sign-ins from other cloud providers, adding Azure AD sign-in from any tenant is simple. Just register your app, add sign-in code via OAuth2, OpenID Connect, or SAML, and put a "Sign in with Microsoft" button in your application.
Based on the error, try Solution 1:
Make use of the Application (client) ID instead of any other client ID.
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
Upvotes: 2
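To make the two causes in the answer concrete (the SAML request's Issuer must be the identifier registered in the tenant that receives it, and a single-tenant app is only known in its home tenant), here is an added example that is not part of the question or answer above and is not Azure AD's own code. It is a simplified model of the checks behind the AADSTS700016 error: it decodes a SAMLRequest parameter the way SP-initiated redirect binding encodes it (deflate + base64), reads the Issuer and the tenant from the Destination URL, and compares them against a constructed app registration. All tenant and application IDs are placeholders; `consentedTenants` is a hypothetical field standing in for the "installed by the administrator or consented to by any user" condition named in the error text.

```python
"""Simplified, constructed model of why a SAML AuthnRequest fails with
AADSTS700016. Not Azure AD's real logic; IDs below are placeholders."""
from __future__ import annotations

import base64
import xml.etree.ElementTree as ET
import zlib
from urllib.parse import urlparse

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed placeholder tenant IDs (not real directories).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"

# Constructed app registration mirroring the portal fields: Application (client) ID,
# App ID URI (the SAML Entity ID), and the sign-in audience. Single tenant by default.
APP_REGISTRATION = {
    "appId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
    "identifierUris": ["https://webapp.example.com"],
    "signInAudience": "AzureADMyOrg",
    "homeTenant": HOME_TENANT,
    "consentedTenants": set(),  # hypothetical: tenants where the app was consented to
}


def encode_saml_request(xml_text: str) -> str:
    """Redirect-binding encoding: raw DEFLATE (no zlib header) then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")


def decode_saml_request(param: str) -> str:
    """Inverse of encode_saml_request: base64 decode, then raw inflate."""
    return zlib.decompress(base64.b64decode(param), -15).decode("utf-8")


def build_authn_request(issuer: str, tenant: str) -> str:
    """Minimal unsigned SAML 2.0 AuthnRequest (constructed sample)."""
    destination = f"https://login.microsoftonline.com/{tenant}/saml2"
    return (
        f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" '
        f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        f'Destination="{destination}">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )


def parse_authn_request(xml_text: str) -> tuple[str, str]:
    """Return (issuer, tenant taken from the Destination path)."""
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    issuer_el = root.find(SAML + "Issuer")
    if issuer_el is None or not (issuer_el.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer")
    path = urlparse(root.get("Destination", "")).path
    tenant = path.strip("/").split("/")[0] if path.strip("/") else ""
    return issuer_el.text.strip(), tenant


def evaluate(xml_text: str, app: dict = APP_REGISTRATION) -> str:
    """Return 'ok' or the reason the receiving tenant would reject the request."""
    issuer, tenant = parse_authn_request(xml_text)
    # Cause 1: the Issuer is neither the Application (client) ID nor an App ID URI.
    known_ids = {app["appId"], *app["identifierUris"]}
    if issuer not in known_ids:
        return "AADSTS700016: identifier not registered"
    # Cause 2: the request went to a tenant that does not know this app.
    if tenant == app["homeTenant"]:
        return "ok"
    if app["signInAudience"] == "AzureADMyOrg":
        return "AADSTS700016: single-tenant app, wrong tenant"
    if tenant in app["consentedTenants"]:
        return "ok"
    return "AADSTS700016: multi-tenant app not consented in this tenant"


def evaluate_encoded(saml_request_param: str, app: dict = APP_REGISTRATION) -> str:
    """Convenience wrapper for a raw SAMLRequest query parameter."""
    return evaluate(decode_saml_request(saml_request_param), app)


if __name__ == "__main__":
    req = build_authn_request(APP_REGISTRATION["appId"], OTHER_TENANT)
    print(evaluate_encoded(encode_saml_request(req)))
```

Running the script with the default single-tenant registration and a request aimed at the other tenant reproduces the "wrong tenant" branch; switching `signInAudience` to `AzureADMultipleOrgs` and recording the other tenant in `consentedTenants` is the model's equivalent of the "make your app multi-tenant" advice.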