Using multi-tenant Microsoft Entra ID delegated APIs from different tenants
- 2024-10-30 Added Microsoft Entra ID API and an Azure AD B2C UI multi-tenant application
- 2024-10-25 Updated packages
- 2024-10-06 Updated security headers
- 2024-10-05 Updated packages
- 2024-06-22 Updated packages
- 2024-01-14 Updated packages
- 2023-11-22 Updated .NET 8
- 2023-11-03 Updated packages, fixed security headers
- 2023-08-27 Updated packages
- 2023-06-08 Updated packages
- 2023-04-29 Updated packages
- 2023-03-02 Updated packages
```powershell
# Connect-AzureAD -TenantId '<UI-tenantId>'
# New-AzureADServicePrincipal -AppId 'ClientId-from-multi-tenant-api'
Connect-AzureAD -TenantId 'e8b4665e-8ad9-4e12-8c3f-0d48ddb58d16'
New-AzureADServicePrincipal -AppId 'ca8dc6a9-c0de-4dfb-8e42-758ef311d8ab'
```
- Open the Enterprise Applications blade
- Find your enterprise application using the GUID ObjectId returned by the PowerShell script
- Open the permissions blade
- Grant admin consent if you need to use local tenant permissions
Permissions used in the AAD API
- none
- multi-tenant-api
Validate the UI client ID in the API so that only access tokens from known Azure AD B2C tenants are accepted.
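One way to implement this check, as an added example that is not code from this repository: an allow-list of (tenant, UI client) pairs evaluated on the already validated token principal, for example from a JwtBearer `OnTokenValidated` handler or an authorization requirement. The class name, the allow-list layout and the GUIDs are assumptions constructed for illustration; it also assumes the tokens carry `tid` and `azp` (or `appid` for v1.0 tokens).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example (hypothetical helper, not part of the project).
// Run it only after signature, issuer and audience validation has succeeded.
public static class KnownClientValidator
{
    // Constructed sample values: UI tenant ID -> UI client IDs accepted from that tenant.
    private static readonly Dictionary<string, HashSet<string>> Allowed =
        new(StringComparer.OrdinalIgnoreCase)
        {
            ["11111111-1111-1111-1111-111111111111"] =
                new(StringComparer.OrdinalIgnoreCase) { "22222222-2222-2222-2222-222222222222" },
        };

    // Inbound claim mapping can rename "tid" to this long claim type.
    private const string MappedTid = "http://schemas.microsoft.com/identity/claims/tenantid";

    public static bool IsKnownClient(ClaimsPrincipal user)
    {
        string? tid = user.FindFirst("tid")?.Value ?? user.FindFirst(MappedTid)?.Value;
        // v2.0 access tokens name the calling client in "azp", v1.0 tokens in "appid".
        string? client = user.FindFirst("azp")?.Value ?? user.FindFirst("appid")?.Value;

        // Fail closed when either claim is missing.
        if (string.IsNullOrEmpty(tid) || string.IsNullOrEmpty(client)) return false;

        // The client ID must be registered for this exact tenant, not just known somewhere.
        return Allowed.TryGetValue(tid, out var clients) && clients.Contains(client);
    }

    public static void Main()
    {
        ClaimsPrincipal Token(string tid, string azp) =>
            new(new ClaimsIdentity(new[] { new Claim("tid", tid), new Claim("azp", azp) }, "jwt"));

        var known = Token("11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222");
        var otherTenant = Token("33333333-3333-3333-3333-333333333333", "22222222-2222-2222-2222-222222222222");
        var noClaims = new ClaimsPrincipal(new ClaimsIdentity());

        Console.WriteLine(IsKnownClient(known));        // True
        Console.WriteLine(IsKnownClient(otherTenant));  // False: same client ID, unknown tenant
        Console.WriteLine(IsKnownClient(noClaims));     // False: missing claims are rejected
    }
}
```

Reject the request (HTTP 401/403) when `IsKnownClient` returns false, and load the allow-list from configuration rather than hard-coding it.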
https://damienbod.com/2023/01/02/azure-ad-multi-tenant-azure-app-registration-consent/
https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens