Naina

Reputation: 47

Update existing Teams App to Multi-tenant failing during provisioning using Teams Toolkit

We have a Teams App that was created using Teams Toolkit with the SSO Enabled Tab option. This app is single tenant by default and we want to convert it to multi-tenant. We are following the steps mentioned in https://github.com/OfficeDev/TeamsFx/wiki/Multi-tenancy-Support-for-Azure-AD-app to do the same. When I update the aad.template.json file, change the value of signInAudience to AzureADMultipleOrgs, and then run provisioning using Teams Toolkit, I get this error:

"Failed to update application in Azure Active Directory. Please make sure 'templates/appPackage/aad.template.json' is valid: Request failed with status code 400 Detailed error: Request failed with status code 400. Reason: Values of identifierUris property must use a verified domain of the organization"

On changing the value back to AzureADMyOrg, provisioning is successful. Has anyone faced a similar issue?

Upvotes: 1

Views: 860

Answers (2)

Bowen Song

Reputation: 177

This error occurs because you are not using a verified domain in the Application ID URI of your multi-tenant Azure AD app. Teams Toolkit by default uses Storage to host your Tab app; however, the Storage endpoint is not a tenant verified domain, and thus you will fail with this error if you only update your AAD manifest.

You can follow steps 2-4 in "Update your Tab applications" to create your CDN or use your own tenant verified domain and set up the endpoint in your project.

Upvotes: 2

Hilton Giesenow

Reputation: 10814

It sounds like it's failing because you don't have a verified domain registered with Azure. It's only required for multi-tenant apps, but that's exactly what you're building. Essentially, you need to have a regular external domain registered with Azure, something like a .com, .io, .net, .whatever public domain.

On the page you linked, it actually says as much:

Since Azure AD app requires an "tenant verified domain" for Application ID URI, you can use your own Custom Domain or Create a new Custom Domain on Azure.

But this looks useful too: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-modify-supported-accounts#why-changing-to-multi-tenant-can-fail

Upvotes: 1
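As an added example (not part of either answer and not Teams Toolkit code), the check below flags identifierUris entries in a rendered Azure AD manifest whose host is not under a tenant verified domain when signInAudience is multi-tenant. The function names, the sample storage host, the client ID and the verified-domain list are constructed, and the matching rule is a simplified approximation of the rule in the error message, not Azure AD's own validation.

```javascript
// Added example: pre-provisioning check for a rendered Azure AD app manifest.
// Simplified approximation of the "verified domain" rule, not Azure AD's validator.

const MULTI_TENANT_AUDIENCES = new Set([
  "AzureADMultipleOrgs",
  "AzureADandPersonalMicrosoftAccount",
]);

// True when host equals a verified domain or is a subdomain of one.
// The leading dot stops "evilcontoso.com" from matching "contoso.com".
function usesVerifiedDomain(host, verifiedDomains) {
  return verifiedDomains.some((d) => {
    const domain = d.toLowerCase();
    return host === domain || host.endsWith("." + domain);
  });
}

// Returns the identifierUris that would be rejected for a multi-tenant audience.
function findUnverifiedIdentifierUris(manifest, verifiedDomains) {
  if (!MULTI_TENANT_AUDIENCES.has(manifest.signInAudience)) return [];
  return (manifest.identifierUris || []).filter((uri) => {
    let host;
    try {
      // Non-http schemes are not lowercased by the URL parser, so do it here.
      host = new URL(uri).hostname.toLowerCase();
    } catch {
      return true; // unparseable URI: flag it for review
    }
    // Assumption: a host without a dot (e.g. api://<client-id>) is not domain-based.
    if (!host.includes(".")) return false;
    return !usesVerifiedDomain(host, verifiedDomains);
  });
}

// Constructed sample values (hypothetical tenant, storage host and client ID).
const CLIENT_ID = "00000000-0000-0000-0000-000000000001";
const VERIFIED_DOMAINS = ["contoso.com", "contoso.onmicrosoft.com"];
const storageHostedManifest = {
  signInAudience: "AzureADMultipleOrgs",
  identifierUris: [`api://constructedtab.z13.web.core.windows.net/${CLIENT_ID}`],
};
const customDomainManifest = {
  signInAudience: "AzureADMultipleOrgs",
  identifierUris: [`api://tab.contoso.com/${CLIENT_ID}`],
};

console.log(findUnverifiedIdentifierUris(storageHostedManifest, VERIFIED_DOMAINS));
console.log(findUnverifiedIdentifierUris(customDomainManifest, VERIFIED_DOMAINS));
```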
