ADAL Authentication Error Multi-Tenant

use a tenant-specific endpoint or configure the application to be multi-tenant.

I took the sample code for multi-tenant from Git: https://github.com/OfficeDev/O365-WebApp-MultiTenant

In https://manage.windowsazure.com/ I set MULTI-TENANT to YES. But whenever I try to log in with a different organization, I get the following error.

User account 'vtest@someconsuting.onmicrosoft.com' from identity provider 'https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxx/' does not exist in tenant 'My Test App ' and cannot access the application 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

How can I resolve this?


Finally I found the solution to my problem, from this URL: https://github.com/dream-365/OfficeDev-Samples/blob/master/samples/Office365DevQuickStart/AspNetMvc-MultiTenant/

I copied the following files to my project:

TokenCacheDBContext.cs

SqlDBTokenCache.cs

ServiceConstants.cs

App_Start/Startup.auth.cs

I ran the project and got one error for Office365AssertedFailedException. For that I created one more class file:

Office365AssertedFailedException.cs

I rebuilt the code and it succeeded. Now I am able to log in with multi-tenants.



Please ensure your authority URL is "https://login.windows.net/common".

If your authority URL is "https://login.windows.net/{tenant_id}", you will get the error as follows:

To fix this issue, in Startup.Auth.cs, configure the authority URL as "https://login.windows.net/common".

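    // "/common" is the tenant-independent endpoint: users from any Azure AD tenant can sign in.
    var authority = string.Format("{0}/{1}", ServiceConstants.AzureADEndPoint, "common");

    var options = new OpenIdConnectAuthenticationOptions {
        ClientId = OAuthSettings.ClientId,
        Authority = authority,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters {
            // Each tenant issues tokens under its own issuer, so the single-issuer check is switched off.
            ValidateIssuer = false
        }
    };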

sample Startup.Auth.cs
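
Added example, not part of the answer above or of the sample project: with `ValidateIssuer = false` the middleware accepts a token from any Azure AD tenant, so the application itself has to decide which tenants it admits. The helper below is a hypothetical `TenantAllowList` class with constructed tenant ids; it assumes the issuer format `https://sts.windows.net/{tenant id}/` shown in the error message in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example: hypothetical helper, not part of the sample project.
public static class TenantAllowList
{
    // Claim type under which Azure AD's tenant id ("tid") appears on the identity.
    public const string TenantIdClaim =
        "http://schemas.microsoft.com/identity/claims/tenantid";

    // Constructed tenant ids; a real app would load the tenants that signed up.
    private static readonly HashSet<Guid> Allowed = new HashSet<Guid>
    {
        Guid.Parse("11111111-1111-1111-1111-111111111111"),
        Guid.Parse("22222222-2222-2222-2222-222222222222")
    };

    // issuer: the token's "iss" value; identity: the identity built from the token.
    public static bool IsAllowed(string issuer, ClaimsIdentity identity)
    {
        Claim tid = identity == null ? null : identity.FindFirst(TenantIdClaim);
        Guid tenant;
        if (tid == null || !Guid.TryParse(tid.Value, out tenant))
            return false;                       // no usable tenant id: reject

        // The issuer must be the STS of the same tenant the tid claim names.
        string expected = "https://sts.windows.net/" + tenant.ToString("D") + "/";
        if (!string.Equals(issuer, expected, StringComparison.OrdinalIgnoreCase))
            return false;

        return Allowed.Contains(tenant);
    }

    public static void Main()
    {
        // Constructed identities standing in for validated sign-ins.
        var known = new ClaimsIdentity(new[] {
            new Claim(TenantIdClaim, "11111111-1111-1111-1111-111111111111") });
        var unknown = new ClaimsIdentity(new[] {
            new Claim(TenantIdClaim, "33333333-3333-3333-3333-333333333333") });

        Console.WriteLine(IsAllowed(   // allowlisted tenant, matching issuer
            "https://sts.windows.net/11111111-1111-1111-1111-111111111111/", known));
        Console.WriteLine(IsAllowed(   // tenant not on the allowlist
            "https://sts.windows.net/33333333-3333-3333-3333-333333333333/", unknown));
        Console.WriteLine(IsAllowed(   // issuer and tid claim disagree
            "https://sts.windows.net/33333333-3333-3333-3333-333333333333/", known));
    }
}
```

In the OWIN pipeline a check like this would run in the `SecurityTokenValidated` notification of `OpenIdConnectAuthenticationOptions`, failing the sign-in when it returns false.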



I had the same issue. Just replaced

    string authorityUri = "https://login.microsoftonline.net/common/";

with

    string authorityUri = "https://login.windows.net/common";
