active directory – MultiTenant Azure AppRegistration with Server Side Blazor

I’m using the default Blazor Server Template in Visual Studio 2022 with the authentication set to use the Microsoft Identity Platform.

I have an AppRegistration in my Azure Active Directory account set to allow accounts in any organization (Multitenant).

In my appsettings.json file I am using the correct client & tenant id.

When I run the application I can log in with any account that is in my AAD tenant (or has been invited into my AAD). However, when I try to use an identity from another AAD tenant I get the following error:

Selected user account does not exist in tenant ‘TENANT NAME’ and cannot access the application ‘APP-REGISTRATION-ID’ in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

From what I have found in the docs and other articles I need to be using the common endpoint for logging in, but if I change the “Domain” in my appsettings to “common” it does not make a difference and if I update “Instance” to login.microsoftonline.com/common/oauth2/authorize or login.microsoftonline.com/common/ I get an exception as the URL is not correct.

Perhaps the default Blazor Server Template is set to use Single Tenant app registrations? How can I have it properly use Multitenant?
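The multi-tenant wiring the question is reaching for, as an added example rather than code from the question or from the Visual Studio template. It assumes the stock Blazor Server template's Program.cs with Microsoft.Identity.Web, an "AzureAd" section whose TenantId is "common" (Microsoft.Identity.Web builds the authority from Instance plus TenantId, so Domain and Instance are not the values that select the common endpoint), and hypothetical tenant and client ids. Because "common" lets an account from any Azure AD tenant authenticate, the example also adds the check a practitioner wants next to it: an explicit allow-list of tenant ids enforced in OnTokenValidated, so authentication succeeding does not silently become authorization.

```csharp
// Program.cs (added example; not the question's own code).
// Assumed appsettings.json section, with hypothetical identifiers:
//
//   "AzureAd": {
//     "Instance": "https://login.microsoftonline.com/",
//     "Domain": "contoso.onmicrosoft.com",
//     "TenantId": "common",
//     "ClientId": "00000000-0000-0000-0000-000000000000",
//     "CallbackPath": "/signin-oidc"
//   }
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

// Same registration the template emits; the authority becomes
// https://login.microsoftonline.com/common/v2.0 because TenantId is "common".
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// "common" accepts sign-ins from ANY Azure AD tenant. Decide explicitly which
// tenants may use this app. Hypothetical ids; in practice load them from config.
var allowedTenantIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
{
    "11111111-1111-1111-1111-111111111111", // home tenant (hypothetical)
    "22222222-2222-2222-2222-222222222222", // partner tenant (hypothetical)
};

builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Chain onto the handler Microsoft.Identity.Web already installed rather
    // than replacing it, so its own token processing still runs first.
    var existingOnTokenValidated = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = async context =>
    {
        await existingOnTokenValidated(context);

        // The tenant id arrives as "tid"; depending on claim mapping it may be
        // surfaced under the long schema URI instead, so check both.
        var tid = context.Principal?.FindFirst("tid")?.Value
               ?? context.Principal?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;

        if (tid is null || !allowedTenantIds.Contains(tid))
        {
            // Fail the sign-in: no cookie is issued and the user is not authenticated.
            context.Fail($"Tenant '{tid ?? "<none>"}' is not permitted to sign in to this application.");
        }
    };
});

builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();
builder.Services.AddAuthorization(options =>
{
    // Require an authenticated user everywhere unless a page opts out.
    options.FallbackPolicy = options.DefaultPolicy;
});
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();
```

Two things are worth keeping in mind with this layout. First, the app registration's "Accounts in any organizational directory" setting and the "common" authority are both required; the first only makes cross-tenant consent possible, the second makes the sign-in request go to an endpoint that will accept it, and a single-tenant authority of the form `https://login.microsoftonline.com/{home-tenant-id}/` produces exactly the "does not exist in tenant" error quoted above. Second, an allow-list like the one above is the minimum: with "common" the issuer varies per tenant, so any authorization decision the application makes (roles, groups, data partitioning) has to be keyed on the tenant id claim, not on the assumption that every signed-in user belongs to the home directory.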
