The reason you're getting this error is that, for multi-tenant AAD application registrations, the App ID URI has to be in a verified domain in your Azure AD and globally unique.
Reference document for more details: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant.
Azure AD supports the SAML protocol, and it looks like you've done this already, but just for extra reference see the info below.
The application you register in App registrations is usually used for the OAuth/OpenID Connect protocol.
To integrate SAML in Azure AD, please refer to this document: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app and register a non-gallery application in Enterprise applications.
Go to Azure portal > Azure Active Directory > Enterprise applications > New application > Non-gallery applications. Please kindly note this requires Azure AD Premium license.
And follow this link: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications to configure SAML authentication. Then I believe you could access your system (Cognito) with Azure AD accounts using SAML.
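The verified-domain rule from the answer above can be checked locally before toggling the app to multi-tenant, by running the manifest's `identifierUris` entries through the same constraints the portal enforces. The script below is an added example, not code from this thread or from Microsoft; it assumes the accepted forms are those described in the linked "convert to multi-tenant" document (`api://<appId>`, `api://<tenantId>/<string>`, `api://<string>/<appId>`, and `https://` URIs whose host is, or is under, a domain verified in the tenant). The verified-domain list, app ID, tenant ID and manifest fragment are constructed sample values; in practice the verified domains come from Azure AD > Custom domain names.

```python
import json
from urllib.parse import urlparse

# Constructed sample values (not from the thread): a tenant's verified domains,
# the app's application (client) ID and the tenant ID.
VERIFIED_DOMAINS = ["contoso.onmicrosoft.com", "contoso.com"]
APP_ID = "11111111-2222-3333-4444-555555555555"
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

# Constructed manifest fragment in the shape of the portal's "identifierUris" field.
SAMPLE_MANIFEST = json.dumps({
    "identifierUris": [
        "urn:amazon:cognito:sp:XXXXXXXXX",   # the URN Cognito hands out; not in any verified domain
        "https://contoso.com/cognito",       # verified custom domain
        "https://sso.fabrikam.com/cognito",  # domain not verified in this tenant
        "api://" + APP_ID,                   # globally unique by construction
    ]
})


def _in_verified_domain(host, verified_domains):
    """True if host equals a verified domain or is a subdomain of one."""
    host = host.lower()
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in verified_domains)


def check_identifier_uri(uri, verified_domains, app_id, tenant_id):
    """Return (accepted, reason) for one App ID URI under the multi-tenant rule.

    Assumption: the accepted forms are api://<appId>, api://<tenantId>/<string>,
    api://<string>/<appId>, and https:// URIs whose host lies within a verified
    domain, as described in the linked Microsoft document. Anything else
    (including urn: identifiers) is reported as rejected.
    """
    parsed = urlparse(uri.strip())
    scheme = parsed.scheme.lower()
    host = (parsed.hostname or "").lower()
    segments = [s for s in parsed.path.split("/") if s]

    if scheme == "api":
        if host == app_id.lower() and not segments:
            return True, "api://<appId>"
        if host == tenant_id.lower() and segments:
            return True, "api://<tenantId>/<string>"
        if segments and segments[-1].lower() == app_id.lower():
            return True, "api://<string>/<appId>"
        return False, "api:// URI must be scoped to the application or tenant ID"

    if scheme == "https":
        if _in_verified_domain(host, verified_domains):
            return True, f"https host '{host}' is within a verified domain"
        return False, f"https host '{host}' is not a verified domain of this tenant"

    return False, f"scheme '{scheme or '<none>'}' is not accepted for multi-tenant apps"


def audit_manifest(manifest_json, verified_domains, app_id, tenant_id):
    """Return [(uri, reason)] for every identifier URI that would block the switch."""
    uris = json.loads(manifest_json).get("identifierUris", [])
    rejected = []
    for uri in uris:
        ok, reason = check_identifier_uri(uri, verified_domains, app_id, tenant_id)
        if not ok:
            rejected.append((uri, reason))
    return rejected


if __name__ == "__main__":
    for uri, reason in audit_manifest(SAMPLE_MANIFEST, VERIFIED_DOMAINS, APP_ID, TENANT_ID):
        print(f"REJECT {uri}: {reason}")
```

Running it on the sample manifest flags the `urn:amazon:cognito:sp:` entry and the unverified `fabrikam.com` host, which is exactly the situation described in the thread: the Cognito URN is fine for a single-tenant app but has to be replaced by an `api://<appId>` or verified-domain `https://` form before the multi-tenant toggle will succeed.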
@Said Rahmani, just wanted to follow up to see if you got a chance to check on the previous response, as your answers would really help us with the further investigation that is ongoing in the backend.
@soumi-MSFT, thanks for your reply, sorry I was busy in the previous days.
So, I have specified the IdentifierURI as "urn:amazon:cognito:sp:XXXXXXXXX" in the manifest of the app, and when I try to toggle from singleTenant to multiTenant I get the error.
@Said Rahmani, thank you for sharing the update. I also faced a similar issue while trying to achieve the same in my lab and hence am working further on this to figure out the reason.
Stay tuned on this, will get back with some more updates shortly.