Bot Framework - App registration - Single tenant vs Multi tenant

Question

Hi,

We are trying to deploy a bot built with the bot framework in our organization but we failed to understand why it is necessary to register the App as a Multi-Tenant App. The bot will only be used in our organization and the user would sign-in only from our organization, so we would prefer to deploy it as a single-tenant application.
Is that possible ?

My reference for that is this documentation
https://learn.microsoft.com/en-us/azure/bot-service/bot-service-quickstart-registration?view=azure-bot-service-4.0#manual-app-registration

Thanks

Answer 1

Hi there,

I just check with the pm, the multi-tenant organization is what enables the Azure Bot Service servers (in the botframework.com tenant) to authenticate requests coming from the bot (registered in the customer's tenant) through our servers. It's part of our service to service authentication protocol. it is not used for other purposes, and not to have any claims added to it for other access.

To authenticate users, you should utilize the user auth features in the bot service, you can sign in to AAD or Auth based authentication servers if you prefer.

Thanks,
Yutong

Answer 2

To user single tenant app, besides creating your AAD (now EntraID) app as single tenant, you also need to set your bot application to use single tenant endpoint, by setting the type + tenant id in appsettings.json https://github.com/microsoft/botbuilder-dotnet/pull/5829

2. Single Tenant:
{
  "MicrosoftAppType": "SingleTenant",
  "MicrosoftAppId": "",
  "MicrosoftAppPassword": "",
  "MicrosoftAppTenantId": ""
}