SOLVED

Send Activity Notification with Application permission doesn't support Multi-Tenancy


I am trying to use the Teams Send Activity Notification Graph API with Application permission (TeamsActivity.Send).

The API works as expected if the token was created with a Single-tenant authority URL (authorityHost+'/'+tenantId). 

However, I am unable to make it work with a multitenant authority URL (authorityHost+'/common'). 

 

I tried 3 options - 

  1. TeamsFx SDK - Used createMicrosoftGraphClientWithCredential with AppCredential
    • TenantId is automatically appended to authorityUrl. No way to specify '/common'

  2. Microsoft Graph Client SDK with TokenCredentialAuthentication: Used ClientSecretCredential from the azure/identity library. 
  3. Microsoft Graph Client SDK with Msal-Node: Used ConfidentialClientApplication with acquireTokenByClientCredential
    • Got the following error - 
      ClientAuthError: missing_tenant_id_error: A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.

3 Replies

@ssj_springctin - Thanks for reporting your issue.
We will check this at our end and will get back to you.

best response confirmed by ssj_springctin (Copper Contributor)
Solution

@ssj_springctin -
It is not explicitly stated whether the Send Activity Notification with Application permission supports Multi-Tenancy. However, it is mentioned that the activity feed notification API doesn't support cross-tenant notifications for apps in a shared channel. This suggests that there may be limitations with multi-tenancy in certain scenarios.

Basically when you request an application token, you need to request it for the tenant of users you want to send notifications to.

Doing so requires that an admin accept your app consent for each tenant. More information can be found here:
https://learn.microsoft.com/en-us/graph/auth-v2-service
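
The per-tenant token request described in the answer above, as an added example that is not part of the original thread or of any Microsoft SDK: it builds the v2.0 client-credentials request against a concrete tenant authority, rejects the `common`, `organizations` and `consumers` aliases, and caches one app-only token per tenant. `buildTokenRequest`, `TenantTokenCache` and the injected `fetchImpl`/`now` parameters are names assumed for this sketch.

```javascript
// Added example: per-tenant client-credentials tokens for a multi-tenant app.
// AUTHORITY_HOST, the function names and the cache are assumptions of this sketch.
const AUTHORITY_HOST = "https://login.microsoftonline.com";
const MULTI_TENANT_ALIASES = new Set(["common", "organizations", "consumers"]);

// Build the v2.0 token request for one concrete tenant (GUID or verified domain).
function buildTokenRequest(tenantId, clientId, clientSecret) {
  const tenant = String(tenantId || "").trim().toLowerCase();
  if (!tenant || MULTI_TENANT_ALIASES.has(tenant)) {
    throw new Error(`client_credentials needs a concrete tenant, got "${tenantId}"`);
  }
  return {
    url: `${AUTHORITY_HOST}/${encodeURIComponent(tenant)}/oauth2/v2.0/token`,
    body: new URLSearchParams({
      grant_type: "client_credentials",
      client_id: clientId,
      client_secret: clientSecret,
      scope: "https://graph.microsoft.com/.default",
    }),
  };
}

// Cache one app-only token per tenant; a token for tenant A is never reused for tenant B.
class TenantTokenCache {
  constructor(clientId, clientSecret, fetchImpl = globalThis.fetch, now = Date.now) {
    Object.assign(this, { clientId, clientSecret, fetchImpl, now });
    this.tokens = new Map(); // token endpoint URL -> { accessToken, expiresAt }
  }

  async getToken(tenantId) {
    const { url, body } = buildTokenRequest(tenantId, this.clientId, this.clientSecret);
    const cached = this.tokens.get(url);
    if (cached && cached.expiresAt - 60_000 > this.now()) return cached.accessToken;

    const res = await this.fetchImpl(url, { method: "POST", body });
    const json = await res.json();
    if (!res.ok) {
      // One possible cause: the app has not been admin-consented in this tenant.
      throw new Error(`token request for ${tenantId} failed: ${json.error}`);
    }
    this.tokens.set(url, {
      accessToken: json.access_token,
      expiresAt: this.now() + json.expires_in * 1000,
    });
    return json.access_token;
  }
}
```

The token returned for a tenant is then used as the bearer token for Graph calls that target users in that same tenant only.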

Hi @Sayali-MSFT ,
Thank you for your response.

For now, tenant-wise application token is working as expected for us.
