PME tenant Web App authentication/authorization through Microsoft tenant app registration

Yuchen Tang 0 Reputation points Microsoft Employee
2024-06-19T03:51:06.8733333+00:00

Hi there,

I have a web app deployed in the Microsoft tenant. I also have a service principal and an app registration in the Microsoft tenant with several app roles and API permissions, like below:

[screenshot]

I have assigned those roles to many users, groups and applications in the Microsoft tenant. The app registration has been set up in the web app's authentication settings as an identity provider, and I can see claims in my app like below (response from /.auth/me):

[screenshot]

Now we have been asked to migrate our web app to the PME tenant. We recreated the web app and deployed the same code in the PME tenant subscription. We also created a new app registration and service principal in the PME tenant and set it up as multi-tenant so that users in the Microsoft tenant can log in to our app in PME with their microsoft.com user accounts. The authentication settings are like below:

[screenshot]

App registration in the PME tenant: [screenshot]

Now I can log in to my app deployed in PME successfully with my microsoft.com account. However, the problem is that all the app roles are missing from the token:

[screenshot]

My app's users and groups all exist in the Microsoft tenant, and it is not possible for me to set up these roles again in the PME tenant. So, can I use the app registration in the Microsoft tenant as my authentication/authorization provider for the PME web app? That way I can continue to use the app roles and API permissions of the Microsoft tenant's app registration.

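Whatever app registration ends up being used, the web app should fail closed when the `roles` claim is absent rather than silently treating everyone as unauthorized-but-logged-in. The following is an added example, not code from the question or from Microsoft; it parses the App Service `/.auth/me` payload described above (a list of provider entries with a `user_claims` array of `typ`/`val` pairs), restricts sign-in to an allow-list of tenants (useful once the registration is multi-tenant) and requires a specific app role. The tenant id and role names are constructed placeholders.

```python
import json

# Claim type names as they appear in App Service's /.auth/me "user_claims" list.
ROLES_CLAIM = "roles"
TENANT_CLAIM = "http://schemas.microsoft.com/identity/claims/tenantid"


def claims_from_auth_me(auth_me_json: str) -> dict:
    """Flatten the /.auth/me payload into {claim_type: [values]}."""
    payload = json.loads(auth_me_json)
    if not payload:
        return {}
    out: dict = {}
    for claim in payload[0].get("user_claims", []):
        out.setdefault(claim["typ"], []).append(claim["val"])
    return out


def authorize(auth_me_json: str, required_role: str, allowed_tenants: set) -> dict:
    """Allow only if the token came from an allow-listed tenant AND carries the
    required app role. Returns the decision plus a reason for audit logging."""
    claims = claims_from_auth_me(auth_me_json)
    tenants = claims.get(TENANT_CLAIM, [])
    roles = claims.get(ROLES_CLAIM, [])
    if not any(t in allowed_tenants for t in tenants):
        return {"allowed": False, "reason": "unexpected tenant", "tenants": tenants}
    if required_role not in roles:
        # This is the symptom from the question: signed in, but no roles claim.
        return {"allowed": False, "reason": "missing app role", "roles": roles}
    return {"allowed": True, "reason": "ok", "roles": roles}


# Constructed samples (placeholder tenant id and role names, not real values).
HOME_TENANT = "00000000-0000-0000-0000-00000000aaaa"
WITH_ROLES = json.dumps([{"provider_name": "aad", "user_claims": [
    {"typ": TENANT_CLAIM, "val": HOME_TENANT},
    {"typ": ROLES_CLAIM, "val": "Reader"},
    {"typ": ROLES_CLAIM, "val": "Admin"},
]}])
WITHOUT_ROLES = json.dumps([{"provider_name": "aad", "user_claims": [
    {"typ": TENANT_CLAIM, "val": HOME_TENANT},
]}])

if __name__ == "__main__":
    print(authorize(WITH_ROLES, "Admin", {HOME_TENANT}))
    print(authorize(WITHOUT_ROLES, "Admin", {HOME_TENANT}))
```

Logging the `reason` field makes the "no roles claim" case visible in application logs, which is the quickest way to tell a missing role assignment apart from a broken sign-in.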