9

I'm an Office 365 user and I'm writing applications that use Azure AD to authenticate against. In all the examples I find, the tenant name they are using is a friendly name like onmicrosoft.com or domain.com. The tenant name I have to work with though is a guid.

Is there any way to change this? Doing things like calling the graph api just doesn't look right: https://graph.windows.net/12345678-aaaa-bbbb-cccc-dddddddddddd/groups?api-version=1.6

Joshua Dale
  • 1,773
  • 3
  • 17
  • 25
  • You can use the either the tenant name or the tenant ID in the Graph API url. – BenV Jan 14 '16 at 00:11
  • 1
    Where can I go to view the tenant name I should be using? If I click View Endpoints under my application, it shows the id only. – Joshua Dale Jan 14 '16 at 17:36

2 Answers2

5

You can qualify endpoint URLs with both a registered domain for the tenant (the default <tenant>.onmicrosoft.com and any other domain you registered under the tenant) and the tenantID, which comes in GUID format. Both approaches will yield the same result, the only difference is that the tenantID is more stable (guaranteed non reassignable).
You just need to find out what is one of the domains associated to your tenant - that should be visible in the UX when you perform an authentication - and instantiate it in the URL in lieu of the tenantID.

Mr Lister
  • 45,515
  • 15
  • 108
  • 150
vibronet
  • 7,364
  • 2
  • 19
  • 21
  • I think that's part of my confusion. I have the domain set up by Office 365 with a primary domain set, but I was having trouble using it as my OAuth 2 authorization endpoint. When I go to view endpoints the id is shown. – Joshua Dale Jan 14 '16 at 17:34
  • Is there a place in Azure AD I can look at to see what the tenant should be, or is it the section titled domains? – Joshua Dale Jan 14 '16 at 17:35
  • There isn't really a reverse lookup, given that normally you know at least one of the domains you own (if you use a @ as a test user, is normally a valid domain to use in the URL). The section under Domains should give you a list of domains you can use. If you want to be absolutely certain, get one of the domains you find there and apply the instructions in http://www.cloudidentity.com/blog/2014/11/18/from-domain-to-tenantid/ - if you find the same ID you saw in the endpoints list, you know they're equivalent. – vibronet Jan 14 '16 at 17:41
  • That's a cool trick. Exactly what I was looking for. I think using the tenant id as you stated is probably a better option though. I just wanted to be sure. Thanks! – Joshua Dale Jan 14 '16 at 17:46
  • I just realized it was your blog :) Stay tuned! I have more questions :D – Joshua Dale Jan 14 '16 at 17:51
  • @vibronet Ever since you posted that blog entry I've wondered if you got the inspiration from [my SO answer](http://stackoverflow.com/a/26386318/310446) ;) – BenV Jan 14 '16 at 18:08
  • hey Ben :) good answer but no, that wasn't the inspiration - that's very common practice, that day I got more than one question on the same topic on internal DLs and it pushed me to finally write it down in a publicly accessible place! – vibronet Jan 14 '16 at 18:16
-1

in simple terms if registered your organization as "HeyJoshua.onmicrosoft.com" then you can use HeyJoshua.onmicrosoft.com as tenant id

equivalent8
  • 13,754
  • 8
  • 81
  • 109