I have a Web app / API
deployed on Microsoft Azure
working in single tenant mode. I need to enable users from other tenants to be able to use my API.
I found this post with step-by-step guide to enable multi-tenant authentication, https://blog.mastykarz.nl/configuring-multi-tenant-authentication-azure-app-service-authentication-options/
but when I try to change the Web API's Multitenanted
property to Yes, it says "failed to update App ID URI application property" with the following error detail:
{"errorCode":"HostNameNotOnVerifiedDomain","localizedErrorDetails":
{"errorDetail":"Host name in property identifierUris is not on any verified
domain of the company or its subdomain."},
"operationResults":null,"timeStampUtc":"2017-01-11T00:14:37.3270764Z",
"clientRequestId":"...","internalTransactionId":"...",
"upn":"...@gmail.com","tenantId":"...","userObjectId":"..."}
Currently the App ID URI holds the address of my Web API (and it is working in single tenant mode as expected): https://(..).azurewebsites.net
Is this not correct for multi-tenanted mode?
No. With multi-tenant apps the App ID URI has to be in a domain in your AAD. So if my AAD contains domains like test.onmicrosoft.com and company.com, then allowed URIs would be:
You don't own the azurewebsites.net domain and thus can't use it.
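The rule the answer describes (the host name of the App ID URI must be a verified domain of the tenant or a subdomain of one) can be checked locally before touching the portal. The following is an added example, not code from the question, the answer, or Azure itself; the verified-domain list and the candidate URIs are constructed for illustration, and the check mirrors the `HostNameNotOnVerifiedDomain` condition from the error above rather than calling the Azure AD API.

```python
from urllib.parse import urlsplit

# Constructed sample: the verified domains of a hypothetical tenant
# (the two names used in the answer above). In practice you would read
# these from the tenant, e.g. `az rest --url https://graph.microsoft.com/v1.0/domains`.
VERIFIED_DOMAINS = ["test.onmicrosoft.com", "company.com"]


def host_on_verified_domain(host, verified_domains):
    """True if host equals a verified domain or is a subdomain of one.

    The comparison is label-based: 'api.company.com' matches 'company.com',
    but 'evilcompany.com' does not (a plain suffix check would accept it).
    """
    host = host.lower().rstrip(".")
    for domain in verified_domains:
        domain = domain.lower().rstrip(".")
        if host == domain or host.endswith("." + domain):
            return True
    return False


def check_app_id_uri(uri, verified_domains):
    """Return (ok, reason) for a candidate App ID URI.

    Only the host-name rule from the HostNameNotOnVerifiedDomain error is
    enforced here; scheme and path are left to Azure AD's own validation.
    """
    parts = urlsplit(uri)
    host = parts.hostname
    if not host:
        return False, "no host name in URI"
    if not host_on_verified_domain(host, verified_domains):
        return False, "HostNameNotOnVerifiedDomain: %s" % host
    return True, "ok"


def suggest_app_id_uris(verified_domains, path):
    """Build one candidate App ID URI per verified domain for the given path."""
    return ["https://%s/%s" % (d, path.strip("/")) for d in verified_domains]


if __name__ == "__main__":
    for candidate in [
        "https://myapi.azurewebsites.net",   # the single-tenant value: rejected
        "https://company.com/myapi",         # verified domain: accepted
        "https://api.company.com/myapi",     # subdomain of verified domain: accepted
        "https://evilcompany.com/myapi",     # suffix match only: rejected
    ]:
        print(candidate, "->", check_app_id_uri(candidate, VERIFIED_DOMAINS))
    print(suggest_app_id_uris(VERIFIED_DOMAINS, "myapi"))
```

Running the check against the value from the question shows why the portal rejects it: `azurewebsites.net` is not in the tenant's verified-domain list, so any host under it fails, while the same path under `company.com` or `test.onmicrosoft.com` passes. The subdomain test is deliberately label-based so that a look-alike domain sharing only a suffix is not accepted.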