search

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.18k stars 21.31k forks source link

Static web apps documentation should mention how to set up custom auth for multi-tenant Azure AD apps #108610

Closed tlaundal closed 1 month ago

tlaundal commented 1 year ago

I've spent a frustrating amount of time setting up my app for multi-tenant custom authentication.

In the end, it comes down to enabling multi-tenant for the app itself, and writing common instead of the tenant id in the URL for the openIdIssuer property in the SWA.

The first part is covered in the AD docs.

The common part, I think should be mentioned in the Azure Static Web Apps documentation for how to set up custom authentication with Azure AD apps.

While debugging this setup, I got the error code AADSTS50020 which helpfully had a corresponding page in the documentation. However, this page indicated organizations would be the correct keyword to use in place of the tenant id, for multi-tenant apps without personal account access. The app I tested this on was multi-tenant without personal accounts ("signInAudience": "AzureADMultipleOrgs"), but common nonetheless worked while organizations did not. I'm not sure if this is some SWA specific issue or not.

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

RamanathanChinnappan-MSFT commented 1 year ago

@tlaundal

Thanks for your feedback! We will investigate and update as appropriate.

RyanHill-MSFT commented 1 year ago

I can understand the level of confusion @tlaundal. To answer your question,

> I'm not sure if this is some SWA specific issue or not.

it isn't a SWA specific issue, it's the AAD registration. organizations should work as long as the AAD registration was set to Active Directory (no personal accounts) under the Authentication blade. I'll try this out myself but, in the meantime, I've assigned this to the content author so they can refine the mention of setting the authority appropriately.

craigshoemaker commented 1 month ago

Thanks for your feedback and your contribution to Azure docs.

Feedback for this repository is moving away from GitHub to a system specific to the Microsoft Learn platform. Issues for this repository will soon be disabled, and additional comments from GitHub will no longer be possible. However, we are now tracking and triaging this issue in the new feedback system.

To learn more about our feedback systems, please see Provide feedback for Microsoft Learn content.

please-close