Azure Multi-Tenant Authentication

Hi Guys,
I’m able to use OpenID Connect to authenticate with Azure AD and I’m able to run Azure PowerShell commands in the user’s context successfully. I want to take it a step further and make the dashboard multi-tenant, i.e. users from different tenants can authenticate with their Azure AD credentials and log in. In theory it should be possible… by enabling the Azure app registration for multi-tenant use:

and changing the authority in the authentication method from:
https://login.microsoftonline.com/<tenantid>
to:
https://login.microsoftonline.com/common

When a user logs in they are prompted to accept the application permissions:

however… it doesn’t sign them in and I get an HTTP 500 error back:

If I reverse the changes back to single-tenant setup then it works again (with the same callback URL). Has anyone had any success doing this?
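One caveat worth keeping in mind once the /common authority is in play, as an added note from the editor rather than anything stated in the post above: with a single-tenant authority the issuer of every token is fixed, but with /common the `iss` and `tid` claims name whichever tenant the user came from, so the dashboard has to decide for itself which tenants it admits (Microsoft’s multi-tenant guidance calls this validating the issuer yourself). The PowerShell below is an added example, not Universal Dashboard’s own code and not a diagnosis of the HTTP 500; it shows the tenant allow-list check you would layer on top of the middleware’s signature validation. The tenant ids, user names and the unsigned test tokens are all constructed for the example, and `Get-JwtPayload` only decodes the payload, it does not verify the signature.

```powershell
# Added example (not Universal Dashboard's own code). After the OIDC middleware has
# validated the token's signature, check that the tenant that issued it is one we
# actually want to admit. With /common as the authority, "iss" and "tid" vary per
# tenant, so an allow-list check like this is what "validate the issuer yourself" means.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    return [Convert]::FromBase64String($s)
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    return [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtPayload {
    # Decodes the payload segment only; signature verification stays with the OIDC middleware.
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWT" }
    $json = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url -Value $parts[1]))
    return $json | ConvertFrom-Json
}

function Test-AllowedTenant {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string[]]$AllowedTenantIds
    )
    $claims = Get-JwtPayload -Token $Token
    if (-not $claims.tid -or -not $claims.iss) { return $false }

    # The tenant in "tid" must be on the allow-list...
    if ($AllowedTenantIds -notcontains $claims.tid) { return $false }

    # ...and "iss" must be the Azure AD issuer for that same tenant (v2.0 or v1 form),
    # so a token cannot carry an allowed "tid" while claiming a different issuer.
    $expected = @(
        "https://login.microsoftonline.com/$($claims.tid)/v2.0",
        "https://sts.windows.net/$($claims.tid)/"
    )
    return $expected -contains $claims.iss
}

# --- Constructed, unsigned sample tokens (illustration only; real tokens are signed) ---
function New-TestToken {
    param([Parameter(Mandatory)][hashtable]$Claims)
    $header  = ConvertTo-Base64Url -Bytes ([Text.Encoding]::UTF8.GetBytes('{"alg":"none","typ":"JWT"}'))
    $payload = ConvertTo-Base64Url -Bytes ([Text.Encoding]::UTF8.GetBytes(($Claims | ConvertTo-Json -Compress)))
    return "$header.$payload."
}

$homeTenant  = '11111111-1111-1111-1111-111111111111'   # assumption: our own tenant id
$otherTenant = '22222222-2222-2222-2222-222222222222'   # assumption: a tenant we do not trust

$good = New-TestToken -Claims @{
    iss = "https://login.microsoftonline.com/$homeTenant/v2.0"; tid = $homeTenant; upn = 'alice@contoso.example'
}
$foreign = New-TestToken -Claims @{
    iss = "https://login.microsoftonline.com/$otherTenant/v2.0"; tid = $otherTenant; upn = 'mallory@fabrikam.example'
}
$mismatch = New-TestToken -Claims @{
    iss = "https://login.microsoftonline.com/$otherTenant/v2.0"; tid = $homeTenant; upn = 'x@contoso.example'
}

Test-AllowedTenant -Token $good     -AllowedTenantIds $homeTenant
Test-AllowedTenant -Token $foreign  -AllowedTenantIds $homeTenant
Test-AllowedTenant -Token $mismatch -AllowedTenantIds $homeTenant   # allowed tid, but iss names another tenant
```

Only the first token is admitted; the second comes from a tenant not on the list, and the third has an allowed `tid` but an `iss` for a different tenant. Extend `$AllowedTenantIds` with each customer tenant you onboard, and run the check wherever your dashboard’s authentication method hands you the validated token’s claims; accepting every tenant that /common will sign for is the mistake the allow-list exists to prevent.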

@adam this also relates to my other post about the OpenID Connect HTTP 500 error. Are there any plans to make UD multi-tenant compatible? Using a multi-tenant Azure application configuration doesn’t seem to work with UD. I’m guessing there’s some deeper logic that needs to be done to account for this (some guidelines can be found in this doc):

I think I’m able to put in an elaborate workaround for my application, but it would be really nice and much cleaner to have UD work as a multi-tenant application natively.

It’s been mentioned a couple of times but it never made it onto the roadmap. I’ve added a backlog item to investigate what we need to do. Thanks for providing those docs.

Has there been any progress in this regard?

Hi Adam

Also looking to use this kind of functionality.

Cheers

I’ll get this slated for our 1.6 release.


@adam Is Azure AD multi-tenant authentication implemented in PSU 3.x?