Converting a Single Tenant App to Multi-Tenant

Question

What are the steps required to convert a single tenant app to a multi-tenant app? Specifically, what updates do we need to make to the access token and claims to support multi-tenancy? It would be helpful to see examples of what a multi-tenant app access token should look like and the specific claims that need to be included.

Additionally, can you recommend which API we should use to convert our single-tenant app to multi-tenant? We have reviewed this guide: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant, but we need more clarity on how to optimize our current access token and which API to use.

Answer 1

Hello @Rishabh Srivastava , converting an single tenant Entra app registration to multi-tenant requires changes in its app manifest. More specifically, chaging the signInAudience from AzureADMyOrg to any other available, and accessTokenAcceptedVersion to 2 if signInAudience is AzureADandPersonalMicrosoftAccount. Access tokens are pretty much the same, no inmmediate optization is required. However, special considerations apply for multi-tenant applications that are detailed in the refered link and also here.

Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.