3
votes

Summary: How do I make a multi-tenant app available to other Azure AD tenants?

Details: I am writing a C# ASP.NET library with which I want to create subscriptions and register for change notifications. I am using Microsoft Graph API v1.0 for this operation.

I followed this documentation to obtain the access token for a service account. The first step listed in the documentation requires us to register the app on the Azure AD Portal.

Since I am building this app for multiple customers, I want this to be a multi-tenant app. I followed this reference to register a multi-tenant application, but I have a query as to how to make this app discoverable by other tenants.

Do I need to publish it to be able to achieve this? If yes, can anyone please direct me towards any article which tells how to do that?

1
No, you don't. For a multi-tenant application, the initial registration for the application lives in the Azure AD tenant used by the developer. When a user from a different tenant signs in to the application for the first time, Azure AD asks them to consent to the permissions requested by the application. If they consent, then a representation of the application called a service principal is created in the user’s tenant. - Tony Ju
Thank you for replying @CaiyiJu. In my case, since it's a one-time thing, I want the admins of other tenants to grant the consent to the app, from the Azure portal itself. But so far, I have not been able to see this app when I log in as some tenant other than the one with which the app was created. - Swasti Gupta
Do you mean under Enterprise applications blade of any tenant or the one where it was created? Basically, the idea in my head is, the other tenant should be able to see this app somewhere (marketplace or enterprise applications) and then navigate to authorization sub-tab inside the app and grant admin consent to the app for all the users of his domain. Will this be possible? - Swasti Gupta

1 Answer

2
votes

Do I need to publish it to be able to achieve this?

No, you don't. For a multi-tenant application, the initial registration for the application lives in the Azure AD tenant used by the developer. When a user from a different tenant signs in to the application for the first time, Azure AD asks them to consent to the permissions requested by the application. If they consent, then a representation of the application called a service principal is created in the user’s tenant.

Do you mean under Enterprise applications blade of any tenant or the one where it was created?

It will exist in any tenant once a user from that tenant signs in to the application.
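
For the one-time administrator consent asked about in the comments, the Microsoft identity platform has an admin consent endpoint that a customer tenant's administrator can open directly. The sketch below is an added example, not code from the original post or answer: it builds that link and validates the redirect that comes back. The class and method names are hypothetical, and the client ID, redirect URI and tenant values are placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Web; // HttpUtility.ParseQueryString

public static class AdminConsent   // hypothetical helper; names are illustrative
{
    // Link that a customer tenant's administrator opens to consent for the whole tenant.
    // tenant: the customer's tenant ID or domain; state: random value kept in the session.
    public static string BuildUrl(string tenant, string clientId, string redirectUri, out string state)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        state = BitConverter.ToString(bytes).Replace("-", "");
        return "https://login.microsoftonline.com/" + Uri.EscapeDataString(tenant) + "/adminconsent"
             + "?client_id=" + Uri.EscapeDataString(clientId)
             + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
             + "&state=" + state;
    }

    // Validate the redirect Azure AD sends back; returns the consenting tenant's ID.
    public static Guid ValidateCallback(Uri callback, string expectedState)
    {
        var q = HttpUtility.ParseQueryString(callback.Query);
        if (string.IsNullOrEmpty(expectedState) || !string.Equals(q["state"], expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("state mismatch: callback does not belong to this session");
        if (q["error"] != null)
            throw new InvalidOperationException("consent failed: " + q["error"]);
        if (!string.Equals(q["admin_consent"], "True", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("admin consent was not granted");
        Guid tenantId;
        if (!Guid.TryParse(q["tenant"], out tenantId))
            throw new InvalidOperationException("missing or malformed tenant id");
        // The query string is unsigned: confirm by requesting an app-only token for tenantId.
        return tenantId;
    }

    public static void Main()
    {
        string state;
        // Placeholder client ID and redirect URI; substitute the values from your app registration.
        string url = BuildUrl("contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000",
                              "https://app.example.com/consent/callback", out state);
        Console.WriteLine(url);
        // Constructed callback, shaped like the success redirect.
        var cb = new Uri("https://app.example.com/consent/callback?admin_consent=True"
                       + "&tenant=11111111-1111-1111-1111-111111111111&state=" + state);
        Console.WriteLine(ValidateCallback(cb, state));
    }
}
```

The redirect URI must be one registered on the app, and the `state` value should be stored server-side per session and discarded after one use.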