Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,318 questions
Issues with allowing multi-tenant registration
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 95%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Tayler Nielsen
0
Reputation points
Hi there!
I'm positive I must be missing something simple, but going through countless posts and absolutely too many pages of documentation, I can't understand where I'm going wrong. I have an app registration, which was created to allow for multi-tenant signup from all Microsoft Types. The App Registration has 4 permissions, none of which require Admin-Permissions. The 4 permisisons are: Calendars.ReadWrite, offline_access, openid, and User.Read. All of these are Delegated permissions.
The app registration is using a code flow on a monolithic architecture, and the redirects have been configured. Personal accounts have no issues signing in, however other organization accounts are not able to sign up. I've confirmed numerous times that Supported Account Types includes Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts. I've also confirmed that Allowing Public Client Flows has been enabled, and Live SDK Support. The App Registration's Publisher Verification has been completed, and is in good standing. We are using /common for our endoints, as is required for multi-tenant applications
The end goal is to simply allow users to view/manage their calendar events in our application. What am I missing? What settings do I have to turn on to allow people to sign up with this OAuth system? Why am I finding no information on this online that does anything other than selecting "Multitenant"? The error we receive is that of "invalid_client", which typically indicates an issue with either the redirect or the client secrets, but again why would that work for an individual account even after a secret rotation? Grasping at straws here, and honestly don't even know where to view the logs for App Registration as there's NO LOGS anywhere on the app registration sidebar. So many questions, and even the process of asking a question is absolutely egregious. Please help!
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 5%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
SrideviM 2,540 Reputation points Microsoft External Staff2025-03-28T03:32:42.8566667+00:00 Hello Tayler Nielsen,
Could you provide the full error message and error code you're receiving? Also, share the exact authentication request URL and parameters (excluding sensitive details) to help diagnose the issue. If possible, please provide a screenshot of the Authentication tab from the Azure Portal for your App Registration to verify the settings.
-
SrideviM 2,540 Reputation points Microsoft External Staff
2025-03-30T15:57:07.7533333+00:00 Hello Tayler Nielsen,
Did you get a chance to see my previous comment and share us the more details? In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, please respond with more details and we will try to help.
Sign in to comment
Sign in to answer