Changing “signInAudience” to “AzureADMultipleOrgs” in aad.template.json throws "Values of identifierUris property must use a verified domain of the organization " error.

Godhwani, Naina 41 Reputation points

We have a Teams App which is created using Teams Toolkit - SSO Enabled Tab option. This App is single tenant by default and we want to convert it to Multi Tenant. We are following the steps mentioned in "" to do the same. Here when I update the aad.template.json file and change the value of signInAudience to AzureADMultipleOrgs, and then run provisioning using teams toolkit. I get an error - "Failed to update application in Azure Active Directory. Please make sure 'templates/appPackage/aad.template.json' is valid: Request failed with status code 400 Detailed error: Request failed with status code 400. Reason: Values of identifierUris property must use a verified domain of the organization " On changing the value back to AzureADMyOrg, provisioning is successful. Anyone faced similar issue

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,691 questions
Microsoft Graph Teamwork API
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,072 questions
{count} votes

Accepted answer
  1. Shweta Mathur 14,991 Reputation points Microsoft Employee

    Hi @Godhwani, Naina ,

    Thanks for reaching out.

    identifierUris in the manifest is the Application ID URI which is used to uniquely identify the scopes of your custom api and set while exposing the scopes to another application and hence that entry has to be globally unique. You can either use the default value provided, which is in the form api://<application-client-id> or specify a more readable URI like

    Switching an app registration from single- to multi-tenant can sometimes fail due to Application ID URI (App ID URI) name collisions.

    It would always recommend a fresh setup for the app registration, if that is a possibility on your end and set App Id URI which always generates unique App ID URI globally in case of multi-tenant applications or verified customer owned domain.

    Hope this will help.



    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful