My multitenant AAD application only sign-ins with my Office365 account, but my app manifest is set to signInAudience : "AzureADMultipleOrgs"

Carlos Corona 71 Reputation points
2022-07-29T02:02:28.18+00:00

I'm creating an Azure AD application that is intended to be used in a point-of-sale app for Linux and a UWP app for Windows. The apps are intended to be multitenant: once the software is installed on the clients' PCs, they can sign in with their Office 365 account to get access to their calendar and contact list and to communicate with other employees.

Until now, everything seemed to be working OK, until I found that I can sign in with my Office 365 account but no one else can. If they try to sign in, this message is displayed:

[screenshot: 225973-image.png]

In the UWP app I'm using MSAL, and in the Linux app I'm using the REST API with the endpoint:
https://login.microsoftonline.com/[my tenant ID]/oauth2/v2.0/authorize?client_id=[my client id]

and in any case I'm getting the same issue.

In the Azure portal, in the app manifest, I have set the signInAudience to:

[screenshot: 226002-image.png]

So, I cannot understand why only my account works to sign in and use Graph, but no one else can; even my co-workers cannot sign in (in the first screenshot I'm trying to sign in with an account that I asked my IT to create for testing). I'm not the owner of the Azure account, just a member. What should I request from the owner?

Cheers.


Accepted answer
2022-07-29T04:47:55.547+00:00

Hello @Carlos Corona, to ensure all users can access a multi-tenant application you need to:

1. Mark your app as publisher verified. This will help with the first error.
2. Use the organizations or common tenant in your Azure AD endpoints. This will allow external users to acquire tokens. E.g. https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=[my client id]

Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it and complete the quality survey so that others in the community with similar questions can more easily find a rated solution.
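The mismatch the accepted answer describes (manifest set to AzureADMultipleOrgs while the authorize URL names one tenant) can be caught before users hit it, and switching to /organizations or /common means the app itself must decide which tenants it trusts. The following is an added example, not code from the question or the answer; the function names, the sample tenant GUID and the allow-list are assumptions made for the illustration.

```python
import re
from typing import Optional
from urllib.parse import urlencode

AUTHORITY_HOST = "https://login.microsoftonline.com"
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Authority path segments that let every user population named by each
# manifest signInAudience value actually sign in.
ALLOWED_SEGMENTS = {
    "AzureADMyOrg": {"tenant-id"},                        # only the app's own tenant GUID
    "AzureADMultipleOrgs": {"organizations", "common"},   # any work/school account
    "AzureADandPersonalMicrosoftAccount": {"common"},     # work/school plus personal MSA
}


def diagnose_authority(sign_in_audience: str, authority_segment: str) -> Optional[str]:
    """Return a description of the problem, or None if the authority fits the audience."""
    allowed = ALLOWED_SEGMENTS.get(sign_in_audience)
    if allowed is None:
        return f"unknown signInAudience {sign_in_audience!r}"
    if "tenant-id" in allowed:
        return None if GUID_RE.match(authority_segment) else "single-tenant app must use its own tenant ID"
    if GUID_RE.match(authority_segment):
        # This is the situation in the question: the manifest allows any org, but the
        # tenant-specific authority only issues tokens to users of that one tenant.
        return (f"signInAudience is {sign_in_audience} but the authority names one tenant, "
                f"so only its users can sign in; use one of /{'/, /'.join(sorted(allowed))}")
    if authority_segment not in allowed:
        return f"/{authority_segment} is not valid for {sign_in_audience}"
    return None


def build_authorize_url(authority_segment: str, client_id: str, redirect_uri: str,
                        scopes: list, state: str, nonce: str) -> str:
    query = urlencode({"client_id": client_id, "response_type": "code", "redirect_uri": redirect_uri,
                       "scope": " ".join(scopes), "state": state, "nonce": nonce, "response_mode": "query"})
    return f"{AUTHORITY_HOST}/{authority_segment}/oauth2/v2.0/authorize?{query}"


def tenant_is_allowed(id_token_claims: dict, allowed_tenants: Optional[set]) -> bool:
    """With /organizations or /common the token can come from ANY tenant, so the app must
    check that 'iss' names the same tenant as 'tid' and that 'tid' is on its allow-list
    (None means the app accepts every tenant). Signature verification is assumed done before."""
    tid = id_token_claims.get("tid", "")
    iss = id_token_claims.get("iss", "")
    if not GUID_RE.match(tid) or iss != f"{AUTHORITY_HOST}/{tid}/v2.0":
        return False
    return allowed_tenants is None or tid.lower() in {t.lower() for t in allowed_tenants}
```

Run `diagnose_authority` against the manifest value and the authority your client actually uses; `tenant_is_allowed` belongs in the token-validation path of each app once it moves to the organizations or common authority.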

