Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to change from single tenant to multiple tenant in azure AD

Tags:

azure-active-directory

Originally when I setup my application in azure AD at work I selected single tenant. However, I actually need to use multi tenant (AzureADMultipleOrgs). When you try to change to multiple tenant in the UI in azure AD portal you get this message :

"Due to temporary differences in supported functionality, we don't recommend enabling personal Microsoft accounts for an existing registration. If you need to enable personal accounts, you can do so using the manifest editor. Learn more about these restrictions.​"

Then if you go to learn more about this it states you should be using the manifest to change this. So I change the value of "signInAudience" to AzureADMultipleOrgs and still when I go to sign in it is still askign me to use an email address for the single tenant (email address from that tenant domain). I thought changing this value would allow me to use any work or school/organization email address to sign in but nothing has changed. Am I doing something wrong because MS does not give much help to switch from single to multiple.

like image 886
Qiuzman Avatar asked Oct 20 '25 08:10

Qiuzman

1 Answers

In order to change your application "Supported account type" from Single-Tenant to multi-Tenant, please check the following:

Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your app -> Authentication

enter image description here

If you are using code to sign-in, make sure to change the below settings:

Authority = "https://login.microsoftonline.com/common";
Audience = "api://Your_App_ID";// Your Application ID URI

Please check this MsDoc that can help you in the process.

Due to temporary differences in supported functionality, we don't recommend enabling personal Microsoft accounts for an existing registration. If you need to enable personal accounts, you can do so using the manifest editor. Learn more about these restrictions

Please note that, after registering the application if you want to change the supported type to Personal Microsoft accounts, you cannot find that option and will get the above warning.

enter image description here

So, it suggests you to change it in Manifest. You can ignore that WARNING, if you are changing to multi-tenant.

If still the issue persists, please check the below references:

How to: Change the account types supported by an application - Microsoft Entra | Microsoft Docs

Validation differences by supported account types - Microsoft Entra | Microsoft Docs

azure-docs/howto-convert-app-to-be-multi-tenant.md at main · MicrosoftDocs/azure-docs · GitHub

like image 136
Sridevi Avatar answered Oct 22 '25 03:10

Sridevi

Sign in to Comment

Related questions

Azure AD Audience is Invalid due to "api://" being appended
Azure AD sync users to on premise AD
next-auth x Microsoft Graph API: Where to get the accessToken
How to get user's attributes from Identity in Blazor Server with organization authentication
How to access azure AD using python SDK
Bot Channels Registration - Azure Bot Framework
Syncing profile pictures from Azure Active Directory to Azure DevOps
ASP.NET Core 6 : permit Azure AD authentication and local authentication
Get my user's information using MS Graph API
Azure Active Directory - UI > API - 401 Error
How to synchronize Microsoft users from Azure into the Keycloak
Change redirectURI and CallbackPath for AzureAD authentication in .net core 3.1.1 web app
Why does Azure Active Directory OAuth work for me and no one else?
AAD AppRoles allowedMemberTypes for both application and user
Azure Active Directory Group Membership check for Individual User
Permissions required to run Remove-AzureRMAdGroup
What is the .default scope for graph.microsoft.com
Azure Static web app - Custom Identity Auth with Azure AD
How to login to a Azure Active Directory as a User in Test-Code?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!