Error "identity provider 'live.com' does not exist in tenant" even though with "signInAudience": "AzureADandPersonalMicrosoftAccount",

Damien Mahadew 0 Reputation points
2023-02-13T13:50:25.9933333+00:00

Hi

I am unable to login to my Azure app with a personal Microsoft account even though it is set up to allow multi-tenant and personal accounts.

Is there any other setting in the app that could be preventing me from logging in?


2 answers

  1. risolis 8,741 Reputation points
    2023-02-14T05:33:26.6633333+00:00

    Hello @Damien Mahadew

    Thank you for posting this concern on this community space.

    I wonder if you have read this relevant detail below which might fit into your case scenario issue...

    Please check this out:

    Why changing to multi-tenant can fail

    Switching an app registration from single- to multi-tenant can sometimes fail due to Application ID URI (App ID URI) name collisions. An example App ID URI is https://contoso.onmicrosoft.com/myapp.

    The App ID URI is one of the ways an application is identified in protocol messages. For a single-tenant application, the App ID URI need only be unique within that tenant. For a multi-tenant application, it must be globally unique so Azure AD can find the app across all tenants. Global uniqueness is enforced by requiring that the App ID URI's host name matches one of the Azure AD tenant's verified publisher domains.

    For example, if the name of your tenant is contoso.onmicrosoft.com, then https://contoso.onmicrosoft.com/myapp is a valid App ID URI. If your tenant has a verified domain of contoso.com, then a valid App ID URI would also be https://contoso.com/myapp. If the App ID URI doesn't follow the second pattern, https://contoso.com/myapp, converting the app registration to multi-tenant fails.

    For more information about configuring a verified publisher domain, see Configure a verified domain.

    Looking forward to your feedback,

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

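An added check, not code from the answer or from Microsoft: it applies the rule stated above (a multi-tenant app's https App ID URI host must be one of the tenant's verified domains) and adds one further check relevant to the error in the question, namely that personal Microsoft accounts can only sign in through the `/common` or `/consumers` authority, so a tenant-specific authority rejects a `live.com` identity. The manifest, verified-domain list and authority URLs are constructed samples.

```python
from urllib.parse import urlparse

MULTI_TENANT = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}
# Only these authority tenant segments admit personal (live.com) accounts.
MSA_TENANT_SEGMENTS = {"common", "consumers"}


def check_app_registration(manifest, verified_domains, authority):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    audience = manifest.get("signInAudience", "AzureADMyOrg")
    verified = {d.lower() for d in verified_domains}

    # Rule from the answer: for a multi-tenant app, each https App ID URI must
    # use a host that is a verified publisher domain of the tenant. Other
    # schemes (e.g. api://<client-id>) are not subject to this rule here.
    if audience in MULTI_TENANT:
        for uri in manifest.get("identifierUris", []):
            parsed = urlparse(uri)
            if parsed.scheme == "https" and parsed.hostname not in verified:
                findings.append(
                    f"identifierUri host '{parsed.hostname}' is not a verified domain"
                )

    # Extra check (assumption, not from the answer): a personal account can
    # only sign in when the authority is /common or /consumers; a tenant id,
    # tenant domain or /organizations authority excludes live.com identities.
    if audience == "AzureADandPersonalMicrosoftAccount":
        segment = urlparse(authority).path.strip("/").split("/")[0].lower()
        if segment not in MSA_TENANT_SEGMENTS:
            findings.append(
                f"authority tenant segment '{segment}' excludes personal accounts"
            )
    return findings


# Constructed sample registration and tenant data (not a real app).
SAMPLE_MANIFEST = {
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "identifierUris": ["https://contoso.onmicrosoft.com/myapp", "https://fabrikam.com/myapp"],
}
SAMPLE_VERIFIED_DOMAINS = ["contoso.onmicrosoft.com", "contoso.com"]

if __name__ == "__main__":
    for authority in ("https://login.microsoftonline.com/common",
                      "https://login.microsoftonline.com/contoso.onmicrosoft.com"):
        print(authority, check_app_registration(SAMPLE_MANIFEST, SAMPLE_VERIFIED_DOMAINS, authority))
```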


