Home

Create new Microsoft Teams App multitenant

%3CLINGO-SUB%20id%3D%22lingo-sub-691023%22%20slang%3D%22en-US%22%3ECreate%20new%20Microsoft%20Teams%20App%20multitenant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-691023%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI%20want%20to%20create%20a%20personal%20tab%20in%20Microsoft%20Teams%20with%20multitenant%20REST%20API.%3C%2FP%3E%3CP%3EMy%20REST%20API%20have%20a%20client%20autentication%20(%3CSTRONG%3EMSAL%3C%2FSTRONG%3E)%20that%20make%20some%20action%20with%20Graph%20API%20and%20%3CSTRONG%3Eapplication%3C%2FSTRONG%3E%20permission.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EI%20would%20like%20to%20use%20my%20REST%20API%20application%20as%20a%20%3CSTRONG%3Emultitenant%3C%2FSTRONG%3E%2C%20thus%20avoiding%20to%20release%20the%20application%20for%20each%20client.%3CBR%20%2F%3EI%20tried%20to%20authenticate%20myself%20with%20the%20%22Common%22%20tenant%20but%20I%20can't%20log%20in.%3CBR%20%2F%3EI%20tried%20to%20insert%20a%20different%20tenant%20from%20the%20one%20in%20which%20I%20registered%20the%20application%2C%20but%20I%20have%20an%20authentication%20error.%3C%2FP%3E%3CP%3EI%20can't%20use%20user%20permissions%20because%20in%20some%20cases%20I%20need%20to%20do%20operations%20with%20elevated%20privileges.%3C%2FP%3E%3CP%3EI%20therefore%20wonder%20if%20it%20is%20necessary%20to%20generate%20an%20App%20Registration%20for%20each%20client.%20In%20this%20case%2C%20how%20can%20I%20do%20this%20while%20installing%20the%20application%3F%3CBR%20%2F%3EMy%20application%2C%20through%20App%20Studio%2C%20consists%20of%20a%20ZIP%20file%20containing%20the%20manifest%20and%20the%20icons.%3C%2FP%3E%3CP%3EWhat%20is%20the%20best%20way%20to%20create%20a%20single%20backend%20that%20satisfies%20a%20multitenant%20application%3F%20Or%20how%20can%20I%20register%20a%20new%20%22App%20Registration%22%20when%20installing%20the%20application%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20a%20lot%3C%2FP%3E%3CP%3EAndrea%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-691023%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-693944%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20new%20Microsoft%20Teams%20App%20multitenant%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-693944%22%20slang%3D%22en-US%22%3E%3CP%3ECoincidentally%20I%20have%20the%20exact%20same%20problem%2C%20just%20tried%20a%20common%20tenant%20app%20and%20get%20the%20following%20from%20the%20Domains%20%26amp%3B%20Permissions%20section%20in%20App%20Studio%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E*AAD%20application%20id%20of%20the%20app.%20This%20id%20must%20be%20a%20GUID.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EMy%20common%20tenant%20appId%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E*Resource%20url%20of%20app%20for%20acquiring%20auth%20token%20for%20SSO.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EUrl%20of%20the%20multi%20tenant%20app%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20ADAL.js%20app%20itself%20doesn't%20have%20a%20tenant%2C%20like%20the%20OP%20mentioned%3A%3C%2FP%3E%3CDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3E%3CSTRONG%3E%7B%20tenant%3A%20'common'%20%7D%3C%2FSTRONG%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20the%20result%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAUTHADAL%3A%20Event%3A%20adal%3AtokenRenewFailure%2C%20code%3A%20AADSTS500011%3A%20The%20resource%20principal%20named%20%3CSTRONG%3E%3CURL%20of%3D%22%22%20the%3D%22%22%20multi%3D%22%22%20tenant%3D%22%22%20app%3D%22%22%3E%3C%2FURL%3E%3C%2FSTRONG%3E%20was%20not%20found%20in%20the%20tenant%20named%20%3CSTRONG%3E%3CTENANT%20i%3D%22%22%3E%3C%2FTENANT%3E%3C%2FSTRONG%3E.%20This%20can%20happen%20if%20the%20application%20has%20not%20been%20installed%20by%20the%20administrator%20of%20the%20tenant%20or%20consented%20to%20by%20any%20user%20in%20the%20tenant.%20You%20might%20have%20sent%20your%20authentication%20request%20to%20the%20wrong%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEdit%3A%20important%20to%20say%20the%20app%20works%20fine%20outside%20of%20the%20MS%20Teams%20IFRAME%20and%20the%20consent%20has%20been%20given%20to%20the%20entire%20organization%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Andrea Tosato
New Contributor

Hi all,

I want to create a personal tab in Microsoft Teams with multitenant REST API.

My REST API have a client autentication (MSAL) that make some action with Graph API and application permission.

I would like to use my REST API application as a multitenant, thus avoiding to release the application for each client.
I tried to authenticate myself with the "Common" tenant but I can't log in.
I tried to insert a different tenant from the one in which I registered the application, but I have an authentication error.

I can't use user permissions because in some cases I need to do operations with elevated privileges.

I therefore wonder if it is necessary to generate an App Registration for each client. In this case, how can I do this while installing the application?
My application, through App Studio, consists of a ZIP file containing the manifest and the icons.

What is the best way to create a single backend that satisfies a multitenant application? Or how can I register a new "App Registration" when installing the application?

 

Thanks a lot

Andrea

1 Reply

Coincidentally I have the exact same problem, just tried a common tenant app and get the following from the Domains & Permissions section in App Studio:

 

*AAD application id of the app. This id must be a GUID.

My common tenant appId

 

*Resource url of app for acquiring auth token for SSO.

Url of the multi tenant app

 

The ADAL.js app itself doesn't have a tenant, like the OP mentioned:

 
{ tenant: 'common' }

 

This is the result: 

 

AUTHADAL: Event: adal:tokenRenewFailure, code: AADSTS500011: The resource principal named <Url of the multi tenant app> was not found in the tenant named <Tenant I'm attempting to logon against>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

 

Edit: important to say the app works fine outside of the MS Teams IFRAME and the consent has been given to the entire organization

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
22 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
13 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies