How can we make our app multi-tenant and successfully deploy & render content across multiple organizations?

Sandeep Kumar 5 Reputation points
2023-06-05T16:13:56.6166667+00:00

Problem statement:

Objective: Publish a Microsoft Teams app with a chatbot and tabs integrated.

Steps we did: While processing to publish the app, we came to know the following things:

  • The bot is supported and all functionality works as expected.
  • The app has integrated tabs in it that are visible on the top of the chat.
  • The app shows the hosted content properly and the errors are handled well.
  • To start the functionality, details of the user are required as context from Microsoft Graph API. The tab has SSO enabled so it fetches a token from Microsoft.
  • It returns an error with token failure that the resource principal name is not found in the current tenant.
  • We came to know that our tab does not have multi-tenant support.
  • On converting the app to multi-tenant, it threw an error; on analyzing it, we came to know that we need a custom domain to make the app multi-tenant.

Issues:

  • The documentation given by the Microsoft team does not align with our scenario, and we are not able to add a custom domain directly to the tab app; we have to add it in the bot and then access it in tabs using "/webtab".
  • Following the GitHub Wiki, we configured the app and now it is multi-tenant, supporting our custom domain. But after successful provision and deployment, it is unable to render the required tab.
  • For further details refer to: Question on Stackoverflow. After implementing the solution we achieved multitenant with custom domain.

Active Errors:

  • Error inside Teams environment switching to Teams.
    OutOfRangeInput
    One of the request inputs is out of range. RequestId:14e78267-001e-003c-7d43-95bea1000000 Time:2023-06-02T11:12:31.8502077Z
  • Error when manually opening the CDN URL in a browser
<Error>
    <Code>InvalidQueryParameterValue</Code>
    <Message>Value for one of the query parameters specified in the request URI is invalid. RequestId:f07560bf-301e-007a-3444-958a26000000 Time:2023-06-02T11:20:23.0757441Z</Message>
    <QueryParameterName>comp</QueryParameterName>
    <QueryParameterValue/>
    <Reason/>
</Error>


  • If we open the old Tab URL in the browser, the content (our app UI) is still rendered there, where we handle the error with the token and Teams environment dependency (the app can be used inside Teams tabs only) by rendering an AUTH error page. Ignore the content inside as it is custom text. It is supposed to appear when the admin of the organization has not allowed our app to access organization information. The app takes a token to access the data and here it is failing, hence the screen is presented.

Primary Questions: For the given scenario.

  1. What should be our storage domain and endpoint in templates\azure\provision\azureStorageTab.bicep?
  2. What should be "m365TenantId": "common" or "${{AAD_APP_TENANT_ID}}" in the file templates\azure\azure.parameters.dev.json?
  3. What will be the right value for "signInAudience": "AzureADMultipleOrgs" in aad.manifest.json?
  4. What will be the right value for

    "identifierUris": [
        "api://${{PROVISIONOUTPUT__AZURESTORAGETABOUTPUT__DOMAIN}}/botid-${{BOT_ID}}"
    ]

     in aad.manifest.json?
  5. Right value for

    "auth": {
        "frontendDomain": "custom.domain.com/webtab"
    }

     in .backup\.fx\configs\config.local.json?
  7. What would be the value for Application ID Uri in Azure?
  8. What should be the auth url "m365OauthAuthorityHost": "${{AAD_APP_OAUTH_AUTHORITY_HOST}}" in the file templates\azure\azure.parameters.dev.json and Azure aad?

Expected behavior: After implementing multi-tenant, the app should render the tab UI inside Teams or when manually opening the custom domain URL in a browser, but it is not happening.

Teams Toolkit - VS Code Extension Information:

  • OS: Windows 10
  • Version v5.0.0

We are unable to upload screenshots in the forum question, hence adding them here.

Explored Resources

Tab Multi-tenant handling (Step by step)

  1. Multi tenancy Support for Azure AD app : https://github.com/OfficeDev/TeamsFx/wiki/Multi-tenancy-Support-for-Azure-AD-app
  2. https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-modify-supported-accounts#why-changing-to-multi-tenant-can-fail
  3. https://github.com/OfficeDev/TeamsFx/blob/main/docs/fx-core/aad-help.md#action-1-note-frontend-info
  4. https://github.com/OfficeDev/TeamsFx/blob/main/docs/fx-core/aad-help.md#action-2-provision-cdn-profile-on-azure-portal
  5. https://learn.microsoft.com/en-us/azure/cdn/cdn-create-new-endpoint
  6. https://github.com/OfficeDev/TeamsFx/blob/main/docs/fx-core/aad-help.md#scenario-one-setup-cdn-as-storage-custom-domain
  7. https://learn.microsoft.com/en-us/azure/cdn/cdn-create-new-endpoint#create-a-new-cdn-profile
  8. After completing all steps => Deployed => https://github.com/OfficeDev/TeamsFx/wiki/Manage-AAD-application-in-Teams-Toolkit#how-to-view-the-aad-app-on-the-azure-portal-for-v5
  9. Grant tenant-wide admin consent to an application

Error Support

Similar Resources


Microsoft Teams | Development