
"Use a tenant-specific endpoint or configure the application to be multi-tenant" when signing into my Azure website

I'm getting this error after I sign into my Azure website:

AADSTS50194: Application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx' is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.

DharmaTurtle asked Nov 28 '18 18:11



1 Answer

If you are an Azure administrator getting this message, it may be for the exact reason that is listed in the error message - you cannot use the common API endpoint for MSFT logins to tenant-specific applications.

In my case, I was configuring an app registration with sample code - the sample code needed to be modified with a new endpoint. I.e., the following line:

let kAuthority = "https://login.microsoftonline.com/common"

needed to be changed to:

let kAuthority = "https://login.microsoftonline.com/MY_TENANT_NAME"

The tenant name for your Azure organization can be obtained by typing "Tenant Status" into the Azure search bar.


Xamarin: The above note worked for MSAL iOS - for Xamarin MSAL Android/iOS, there was no direct way to set the authority in the main call. It needs to be chained to the interactive login call.

E.g., the sample code here:

authResult = await App.PCA.AcquireTokenInteractive(App.Scopes)
                      .WithParentActivityOrWindow(App.ParentWindow)
                      .ExecuteAsync();

Needs to be changed to this:

authResult = await App.PCA.AcquireTokenInteractive(App.Scopes)
                      .WithAuthority("https://login.microsoftonline.com/YOUR_TENANT_NAME")
                      .WithParentActivityOrWindow(App.ParentWindow)
                      .ExecuteAsync();
Coruscate5 answered Sep 21 '22 19:09
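As an added example (not part of the original answer or of any Microsoft sample), the following Python sketch scans source text for hard-coded login.microsoftonline.com authorities and flags the shared ones that a single-tenant app registration should replace with a tenant-specific authority. The function names, the placeholder tenant `contoso.onmicrosoft.com` and the choice to treat `organizations` and `consumers` the same way as `common` are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Tenant-independent aliases accepted by login.microsoftonline.com.
# "common" is the one named in AADSTS50194; treating the other two the same
# way for a single-tenant app is an assumption of this example.
SHARED_ALIASES = {"common", "organizations", "consumers"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
AUTHORITY = re.compile(r"https://login\.microsoftonline\.com/[^\s\"'/)]+", re.I)


def classify(authority):
    """Return 'shared', 'tenant-id' or 'tenant-domain' for an authority URL."""
    parts = urlsplit(authority)
    segment = parts.path.strip("/").split("/")[0]
    if parts.scheme != "https" or not segment:
        raise ValueError(f"not a usable authority: {authority!r}")
    if segment.lower() in SHARED_ALIASES:
        return "shared"
    return "tenant-id" if GUID.match(segment) else "tenant-domain"


def audit(source, tenant):
    """List (line_no, found, suggested) for shared authorities in source text."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for url in AUTHORITY.findall(line):
            if classify(url) == "shared":
                fixed = f"https://login.microsoftonline.com/{tenant}"
                findings.append((line_no, url, fixed))
    return findings


# Constructed sample input: the two authority lines quoted in the answer,
# plus a GUID-style authority with a made-up tenant ID.
SAMPLE = '''let kAuthority = "https://login.microsoftonline.com/common"
.WithAuthority("https://login.microsoftonline.com/YOUR_TENANT_NAME")
authority = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
'''

if __name__ == "__main__":
    # Placeholder tenant; substitute your own tenant name or tenant ID.
    for line_no, found, fixed in audit(SAMPLE, "contoso.onmicrosoft.com"):
        print(f"line {line_no}: {found} -> {fixed}")
```

Pinning the authority to one tenant also narrows sign-in to accounts from that tenant, which is usually the intent for a single-tenant registration.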