Why does "signInAudience": "AzureADMultipleOrgs" cause 'The URI scheme is invalid or unsupported'

Said Rahmani 6 Reputation points

I am getting an error when trying to switch the Supported account types to "Accounts in any organizational directory (Any Azure AD directory - Multitenant)".

I am using the Amazon Cognito URN urn:amazon:cognito:sp:XXXXXXXXXXX as the IdentifierUris value.



2 answers

  1. FrankHu-MSFT 971 Reputation points

    The reason you're getting this error is that, for multi-tenant AAD application registrations, the App ID URI has to be in a verified domain in your Azure AD and globally unique.

    Reference document for more details: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant.

    Azure AD supports SAML protocol and it looks like you've done this already but just for extra reference see the info below.

    The application you register in App registration is usually used for OAuth/OpenID Connect protocol.

    To integrate SAML in Azure AD, please refer to this document: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app and register a non-gallery application in Enterprise applications.

    Go to Azure portal > Azure Active Directory > Enterprise applications > New application > Non-gallery applications. Please kindly note that this requires an Azure AD Premium license.

    And follow this link: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications to configure SAML authentication. Then I believe you could access your system (Cognito) with Azure AD accounts using SAML.
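To make the rule in the answer above concrete, here is an added example (not code from the original thread or from Microsoft) that models the identifier-URI check: a single-tenant registration accepts the Cognito URN, but once the app is switched to AzureADMultipleOrgs the URI must be an https URI on one of the tenant's verified domains or the api://<appId> form. The verified-domain list and the appId are constructed placeholders, and the accepted forms are a simplified assumption, not Microsoft's full validation table.

```python
from typing import Tuple
from urllib.parse import urlparse

# Constructed sample tenant data (placeholders, not real values).
VERIFIED_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}
APP_ID = "11111111-2222-3333-4444-555555555555"  # placeholder GUID


def check_identifier_uri(uri: str, multitenant: bool,
                         verified_domains=VERIFIED_DOMAINS,
                         app_id=APP_ID) -> Tuple[bool, str]:
    """Return (accepted, reason) for one identifierUris entry.

    Simplified model of the rule quoted in the answer: multi-tenant apps
    need an App ID URI that is globally unique and bound to a domain the
    tenant has verified. Single-tenant apps are left unrestricted here.
    """
    parsed = urlparse(uri)
    scheme = parsed.scheme.lower()

    if not multitenant:
        # A single-tenant registration accepts opaque URNs such as
        # urn:amazon:cognito:sp:<pool-id>.
        return bool(scheme), "single-tenant: scheme not restricted"

    if scheme == "https":
        host = (parsed.hostname or "").lower()
        verified = host in verified_domains or any(
            host.endswith("." + d) for d in verified_domains)
        if verified:
            return True, f"https host {host!r} is a verified domain"
        return False, f"https host {host!r} is not verified in this tenant"

    if scheme == "api" and parsed.netloc.lower() == app_id.lower():
        # api://<appId> is globally unique because the appId is.
        return True, "api://<appId> form accepted"

    # Anything else (urn:, plain api://<name>, ...) is rejected, which is
    # the "URI scheme is invalid or unsupported" error from the question.
    return False, f"scheme {scheme!r} is invalid or unsupported for multi-tenant"


if __name__ == "__main__":
    cognito = "urn:amazon:cognito:sp:XXXXXXXXXXX"
    for flag in (False, True):
        print(flag, check_identifier_uri(cognito, multitenant=flag))
    print(check_identifier_uri("https://contoso.com/cognito-sp", True))
```

Keeping the Cognito URN while moving the SAML trust to an Enterprise application, as the answer suggests, or switching the App ID URI to an https URI on a verified domain are the two paths this check leaves open.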

  2. Rahat 1 Reputation point

    Thank you for sharing the update. Similar issue.