Lighthouse with AAD Registered Application: AADSTS500113 No reply address

Question

The Azure Lighthouse repo describes the ability to register the Managed Services resource provider in all the customer subscriptions from the partner environment. The Microsoft Lighthouse documentation points to this repo as one of the solutions for onboarding customer subscriptions.

Step one of this process describes the creation of a Registered Application in AAD without a reply address.
Step two describes the process of adding the newly created Registered Application to customer tenants. However, this step fails with an AADSTS500113 error which states there is no registered reply address.

The solution may sound simple, register a reply address. But this Registered Application isn't a real web app or actual service running anywhere. It was created so that we could use the associated Service Principal.

With that in mind, what should be used as the reply address in this scenario?

Answer 1

Hello @jberry , since this is application authentication no reply address is necessary and although an error is being thrown the service principal will be added to the foreign tenant.

In order to avoid such error, you can instruct other tenant admins to user Powershell to add the new service principal:

Connect-AzureAd
Or, in case of a specific tenant:
Connect-AzureAd -TenantId <TENANT ID>

New-AzureADServicePrincipal -AppId <SERVICE PRINCIPAL APP ID>

Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.