I can't change my Entra app to be multitenant

Soporte Ariel 0 Reputation points
2024-11-28T16:24:49.6666667+00:00

Hello,

I am encountering an issue while trying to update my application registration in Microsoft Entra ID to support multitenant accounts. The error occurs when I attempt to save the changes in the Authentication section or modify the Supported account types to “Accounts in any organizational directory (Any Azure AD tenant).”

The error message is as follows:

“Failed to update [Application Name]. Error detail: The URI scheme is invalid or unsupported.”

Here are the details of the setup and issue:

  1. The Redirect URI currently configured is:

https://


1 answer

  1. Sandeep G-MSFT 20,156 Reputation points Microsoft Employee
    2024-11-29T09:01:32.3066667+00:00

    @Soporte Ariel

    Thank you for posting this in Microsoft Q&A.

    As I understand it, you are trying to convert a single-tenant app to a multi-tenant app and you are getting an error.

    When a single-tenant application is created in the Microsoft Entra admin center, one of the items listed on the Overview page is the Application ID URI. This is one of the ways an application is identified in protocol messages, and can be added at any time. The App ID URI for single tenant apps can be globally unique within that tenant. In contrast, for multitenant apps it must be globally unique across all tenants, ensuring that Microsoft Entra ID can find the app across all tenants.

    For example, if the name of your tenant was contoso.onmicrosoft.com then a valid App ID URI would be https://contoso.onmicrosoft.com/myapp. If the App ID URI doesn’t follow this pattern, setting an application as multitenant fails.

    The reason you're getting this error is because for multi-tenant AAD Application Registrations, with a multi-tenant app, the App ID URI has to be in a verified domain in your Azure AD and globally unique.

    For a single tenant application, it is sufficient for the App ID URI to be unique within that tenant.

    For a multi-tenant application, it must be globally unique so Azure AD can find the application across all tenants. Global uniqueness is enforced by requiring the App ID URI to have a host name that matches a verified domain of the Azure AD tenant.

    If the name of your tenant was contoso.onmicrosoft.com then a valid App ID URI would be https://contoso.onmicrosoft.com/myapp. If your tenant had a verified domain of contoso.com, then a valid App ID URI would also be https://contoso.com/myapp. If the App ID URI doesn’t follow this pattern, setting an application as multi-tenant fails.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
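
An added example, not part of the original answer and not Microsoft's code: a Python pre-check that flags App ID URIs falling outside the `https://<verified-domain>/...` pattern described in the answer above. The function names and sample values are constructed for illustration; it implements only the rule as stated in the answer, not the service's own validation.

```python
from urllib.parse import urlsplit


def normalize_host(host):
    """Lower-case a host name and drop a trailing dot so comparisons are stable."""
    return host.lower().rstrip(".")


def check_app_id_uri(uri, verified_domains):
    """Return None if uri fits https://<verified-domain>/..., else a reason string."""
    allowed = {normalize_host(d) for d in verified_domains}
    try:
        parts = urlsplit(uri.strip())
        host = parts.hostname  # excludes any userinfo and port
    except ValueError as exc:
        return f"not parseable as a URI: {exc}"
    if parts.scheme.lower() != "https":
        return f"scheme {parts.scheme!r} is outside the https pattern"
    if not host:
        return "no host name"
    # Exact match only: a verified domain appearing as a prefix or inside
    # userinfo of some other host must not count as a match.
    if normalize_host(host) not in allowed:
        return f"host {host!r} is not a verified domain of the tenant"
    return None


def audit(identifier_uris, verified_domains):
    """Map each App ID URI that does not fit the pattern to its reason."""
    findings = {}
    for uri in identifier_uris:
        reason = check_app_id_uri(uri, verified_domains)
        if reason:
            findings[uri] = reason
    return findings


# Constructed sample data (not taken from the question): the tenant's
# verified domains and the App ID URIs set on the app registration.
SAMPLE_VERIFIED = ["contoso.onmicrosoft.com", "contoso.com"]
SAMPLE_URIS = [
    "https://contoso.onmicrosoft.com/myapp",   # fits
    "https://Contoso.com/myapp",               # fits, case-insensitive
    "https://myapp.example.org/api",           # unverified host
    "https://contoso.com.example.org/myapp",   # lookalike suffix
    "contoso.com/myapp",                       # no scheme
    "https://",                                # no host
]

if __name__ == "__main__":
    for uri, reason in audit(SAMPLE_URIS, SAMPLE_VERIFIED).items():
        print(f"{uri}: {reason}")
```
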

