Forum Discussion
Send Activity Notification with Application permission doesn't support Multi-Tenancy
I am trying to use the Teams Send Activity Notification Graph API with Application permission (TeamsActivity.Send).
The API works as expected if the token was created with a Single-tenant authority URL (authorityHost+'/'+tenantId).
However, I am unable to make it work with a multitenant authority URL (authorityHost+'/common').
I tried 3 options -
- TeamsFx SDK - Used createMicrosoftGraphClientWithCredential with AppCredential
- TenantId is automatically appended to authorityUrl. No way to specify '/common'
- TenantId is automatically appended to authorityUrl. No way to specify '/common'
- Microsoft Graph Client SDK with TokenCredentialAuthentication: Used ClientSecretCredential from the azure/identity library.
- Same result. No way to specify '/common' in the authorityUrl. The additionallyAllowedTenants property made no difference.
- Microsoft Graph Client SDK with Msal-Node: Used ConfidentialClientApplication with acquireTokenByClientCredential
- Got the following error -
ClientAuthError: missing_tenant_id_error: A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.
- Got the following error -
ssj_springctin -
It is not explicitly stated whether the Send Activity Notification with Application permission supports Multi-Tenancy. However, it is mentioned that the activity feed notification API doesn't support cross-tenant notifications for apps in a shared channel. This suggests that there may be limitations with multi-tenancy in certain scenarios.
Basically when you request an application token, you need to request it for the tenant of users you want to send notifications to.
Doing so requires that an admin accept your app consent for each tenant. More information can be found here:
https://learn.microsoft.com/en-us/graph/auth-v2-service
- Sayali-MSFTMicrosoftssj_springctin- Thanks for reporting your issue.
We will check this at our end and will get back to you. - Sayali-MSFTMicrosoft
ssj_springctin -
It is not explicitly stated whether the Send Activity Notification with Application permission supports Multi-Tenancy. However, it is mentioned that the activity feed notification API doesn't support cross-tenant notifications for apps in a shared channel. This suggests that there may be limitations with multi-tenancy in certain scenarios.
Basically when you request an application token, you need to request it for the tenant of users you want to send notifications to.
Doing so requires that an admin accept your app consent for each tenant. More information can be found here:
https://learn.microsoft.com/en-us/graph/auth-v2-service- ssj_springctinCopper Contributor
Hi Sayali-MSFT ,
Thank you for your response.For now, tenant-wise application token is working as expected for us.