locked
Azure App Services - Office 365 - MultiTenant RRS feed

  • Question

  • I'm trying to get multi-tenant access going with my App Service but with no luck.

    I created a developer account on Office 365, set up my Active Directory, added my application, etc etc.
    It works fine if I use my Active Directory account to log into the app, but no other Office 365 users are able to login.

    Under the configuration in AD > Applications, I see a setting "Application is Multi-Tenant".
    I am unable to switch this setting on as it gives me the following error message:
    The App ID URI is not available. The App ID URI must be from a verified domain within your organization's directory.

    As far as I know, I am unable to change the domain of my Azure App service, my App ID Uri looks something like this:
    http://<myresourcegroup>.azurewebsites.net/signin-aad

    I can't seem to figure this out, any help is appreciated, thank you.


    Thursday, August 6, 2015 3:54 PM

Answers

  • We may need to understand the scenario further, would it be possible to open a support incident for this issue so that we can work directly with you and get additional information.
    Tuesday, August 11, 2015 9:47 PM

All replies

  • Hello,

    We are researching on the query and would get back to you soon on this.I apologize for the inconvenience and appreciate your time and patience in this matter.

    Best Regards,
    Kamalakar
    Friday, August 7, 2015 12:49 PM
  • Greetings!

    When enabling external access, you must ensure that your application’s App ID URI belongs in a verified domain. Additionally, the Return URL must begin with https://.

    You may refer to this sample: https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet

    For details on App ID URI and other relevant properties, please  refer: Application Objects and Service Principal Objects.

    Hope this helps!

    Thank you,

    Arvind

    Monday, August 10, 2015 3:31 PM
  • Thanks for the reply, though this doesn't really help me.

    As far as I know, you are unable to change the domain of your Azure App Service (Mobile App in particular).

    Monday, August 10, 2015 3:33 PM
  • As Arvind pointed out, the AppID URI needs to be part of a verified domain. This verified domain is referring to your azure active directory domain, which can be different from your websites domain.

    https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/

    Note: When enabling an app for external users, the value of the App ID URI of the app must be an address in one of your directory’s verified domains. As a result, it cannot be a URN. This safeguard prevents other organizations from specifying (and taking) unique property that belongs to your organization. During development, you can change your App ID URI to a location in your organization’s initial domain (if you haven’t verified a custom/vanity domain), and update your app to use this new value. The initial domain is the 3-level domain that you create during sign up, such as contoso.onmicrosoft.com.

    Tuesday, August 11, 2015 3:42 PM
  • This contradicts the documentation for Azure App Services, where it instructs me to use the App URI provided and place that into my Active Directory Application config.

    "During development, you can change your App ID URI to a location in your organization’s initial domain (if you haven’t verified a custom/vanity domain), and update your app to use this new value."

    I am unable to change the this for my Mobile App, I can not update the app to use this value.

    Tuesday, August 11, 2015 7:04 PM
  • We may need to understand the scenario further, would it be possible to open a support incident for this issue so that we can work directly with you and get additional information.
    Tuesday, August 11, 2015 9:47 PM
  • Hello,

    As Imtiaz mentioned, we would suggest you to open a Technical Support Ticket so that we can take a closer look at the issue as this is beyond the purview of the Forums Support. We would need sensitive PII information as well.

    We would like to now mark this thread as ‘Answered’, which can help others facing the same issue.

    Regards,

    Neelesh

    Thursday, August 13, 2015 7:56 AM