You’re offline. This is a read only version of the page.
25
Good day,
As per the documentation here, we need to configure the app registration for end-user authentication to allow "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".
For better security, I tried changing this value to "Accounts in this organizational directory only (Customer - Single tenant),"
using the manifest editor.
However, this seems to be not supported as the error message indicates on login:
Share
Report{
"error": {
"code": "ServiceError",
"message": "Missing required query string parameter: code. Url = https://token.botframework.com/.auth/web/redirect?error=+is+not+configured+as+a+multi-tenant+application.+Usage+of+the+%2fcommon+endpoint+is+not+supported+for+such+applications+created+after+%2710%2f15%2f2018%27.+Use+a+tenant-specific+endpoint+or+configure+the+application+to+be+multi-tenant
}
}
Is there any way to limit the app registration to single-tenant only?
This was one finding of a security audit, so I would also be interessted in the reason for this design decision.
Many thanks.
Hi @BenAffleck ,
Have no problem to allow multitenant because when you configure the API permissions inside the Azure panel, you need grant consent using the Administrator of your organization. But when a user connect to the Loggin button, you are getting the data to the user and not the user gets the data from the organization.
That's no way to allow only your single-tenant but I hope that it's not bad for you because we can get another organization data in the future.
#1
Romain The Low-Code...
66
#2
Pablo Roldan
55
#3
stampcoin
10
All responses (
Answers (
