Multi-Tenant Azure Active Directory application with Msal for Angular 6
We are developing a SPA (Single page application) that any user with a valid Azure account can use. The app uses permissions such as Azure Resource Management (user_impersonation) for showing statistics and monitoring some Azure resources.
The application is built with Angualr 6+ and we are using the latest version of Msal-Angular for authentication. (the rxjs-compact package is installed for supporting angualr 6+)
I've already registered an App Registration in Azure (multi-tenant) with the configured permissions, but I'm having trouble configuring Msal-Angular for supporting Multi-Tenancy.
Our configuration works for organizational users but not for personal accounts that are not in my Active Directory.
MsalModule.forRoot({
clientID: environment.aadClientId,
redirectUri: environment.redirectUri,
authority: 'https://login.microsoftonline.com/organizations/',
protectedResourceMap: [['https://management.azure.com/', ['https://management.azure.com/.default']]]
})
If I try to change the authority to 'common' as in the following:
The login works, but the scopes are not acquired correctly and any attempt to access a secure API such as 'https://management.azure.com/' yields the following error:
ERROR The provided value for the input parameter 'scope' is not valid. The scope 'https://management.azure.com/.default openid profile' does not exist.|invalid_scope
Am I doing something wrong? Is this possible to implement with Msal-Angular or should I use Msal Core?
To allow personal account to login, you need to use common endpoint https://login.microsoftonline.com/common/.
And the supported account type must be "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)"
However: https://management.azure.com api is not supported when you use common endpoint and personal accounts. You can only use multi-tenant users here.
- How to configure backend application on Container Apps
- WebJob is stopping due to website shutting down
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- az cli not showing redisenterprise keys
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- Azure function returns error: No job functions found. Try making your job classes and methods public
- How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
- Authenticate to Azure with certificate from Linux
- What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
- How to report an Azure Text-to-Speech bug?
- Refresh an Azure search index
- Best way to clean up resources in StatefulService