0

We have built a Teams Tab using the Teams Toolkit. When attempting to provision in the cloud I see the following error:

[Error] - Failed to update Application ID URI in Azure Active Directory. Please refer to the help link for further steps., Request failed with status code 500 Detailed error: Request failed with status code 500. Reason: Values of identifierUris property must use a verified domain of the organization or its subdomain: '{storageName}.z13.web.core.windows.net

I am setting the Application ID URI to https://{tenant}.onmicrosoft.com/{appId}

There is a storage location in Azure with {storageName}.z13.web.core.windows.net.

When I click on "Provision in the cloud", the process attempts to change the Application ID URI to api://{storageName}.z13.web.core.window.net/{appId}.

Attempting to change the Application ID URI in the Azure portal to api://{storageName}.z13.web.core.window.net/{appId} results in the exact same error as seen in the Provision process.

Do I have to not use the provided storage location in order to provision the app?

Is there a way to create storage at https://{tenant}.onmicrosoft.com/{appId}?

jpehman
  • How are you provisioning in the cloud? Are you using an ARM template to create resources? If yes, you can refer to the ARM template below: https://github.com/OfficeDev/microsoft-teams-apps-faqplus/blob/master/Deployment/azuredeploy.json – ChetanSharma-msft Oct 11 '21 at 14:06
  • Also, it looks like you are using the wrong format for the Application ID URI. It should be like below: api://app Domain/{BotID} Example: api://newhireonbxxx.azuredfd.net/c6c1f32b-xxxx-49xx-xxxx-753cc1d563b7 – ChetanSharma-msft Oct 11 '21 at 14:09
  • I am using Visual Studio Code's Teams Toolkit extension and clicking the "Provision in the cloud" option under "Deployment". There is no botId. The ID I am using is the Azure App ID. – jpehman Oct 11 '21 at 18:00
  • identifierUris are user-defined URI(s) that uniquely identify a web app within its Azure AD tenant, or within a verified custom domain if the app is multi-tenant. Could you please re-verify whether the identifierUris for the app reside in the tenant? Please refer to the issue below, it's along similar lines: https://github.com/MicrosoftDocs/windows-uwp/issues/1717 – Prasad-MSFT Oct 12 '21 at 06:27

2 Answers

1

You could follow the document to set up a CDN for your app.

Then, in the provision stage, Teams Toolkit uses your CDN domain for the Application ID URI: api://{cdnName}.azureedge.net/{appId}, which should resolve your issue.

Furthermore, you could add a custom domain to your CDN if the CDN domain is also regarded as an unverified domain. How to add a custom domain to CDN endpoint

  • Thanks! It took a few more steps than that help had in mind, but it led me down the right path. – jpehman Oct 12 '21 at 15:47
0

I am the developer of Teams Toolkit at Microsoft, thanks for trying our new Toolkit. This error may be because the Azure AD app is set to MultiTenant in "Supported account types".

Currently, multi-tenant Azure AD apps are not supported. You may follow these steps to switch the Azure AD app to SingleTenant.

  1. Open Azure Portal (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps)
  2. Click "App registrations" and find your app
  3. Click "Authentication" and select SingleTenant in "Supported account types"
Dharman
Bowen Song
  • Why would a Teams Tab not be allowed to be multi-tenant? How can we deploy the app to be used by anyone on Teams as single-tenant? – jpehman Oct 13 '21 at 12:41
  • Azure AD app does not allow storage endpoint as App Id Uri. If you need to support multi-tenant, you can follow the solution Zhijie provided above. Thanks! – Bowen Song Oct 14 '21 at 01:58
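
The rule quoted in the error message above ("must use a verified domain of the organization or its subdomain") can be checked locally before provisioning. The following is an added example, not code from this thread or from Teams Toolkit; it models only that domain rule for URIs that carry a host, and the domain list, storage name, CDN name and app ID are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample: domains the tenant has verified (assumption; a real
# list would come from the tenant's own custom domain names).
VERIFIED_DOMAINS = ["contoso.onmicrosoft.com", "contoso.com"]
APP_ID = "11111111-2222-3333-4444-555555555555"  # constructed placeholder

# Constructed candidates mirroring the URI shapes discussed in the thread.
SAMPLE_URIS = [
    f"https://contoso.onmicrosoft.com/{APP_ID}",
    f"api://mytabstorage.z13.web.core.windows.net/{APP_ID}",
    f"api://mytab.azureedge.net/{APP_ID}",
    f"api://tab.contoso.com/{APP_ID}",
]


def uri_host(identifier_uri):
    """Return the lower-cased host of an Application ID URI, or None."""
    try:
        parts = urlsplit(identifier_uri.strip())
    except ValueError:
        return None
    if parts.scheme.lower() not in ("api", "https"):
        return None
    host = parts.hostname
    return host.rstrip(".").lower() if host else None


def uses_verified_domain(identifier_uri, verified_domains=VERIFIED_DOMAINS):
    """True if the URI host is a verified domain or a subdomain of one."""
    host = uri_host(identifier_uri)
    if host is None:
        return False
    for domain in verified_domains:
        domain = domain.rstrip(".").lower()
        # Compare on a label boundary so "notcontoso.com" is not treated
        # as a subdomain of "contoso.com".
        if host == domain or host.endswith("." + domain):
            return True
    return False


def preflight(candidates, verified_domains=VERIFIED_DOMAINS):
    """Map each candidate URI to 'ok' or 'unverified domain'."""
    return {u: "ok" if uses_verified_domain(u, verified_domains)
            else "unverified domain" for u in candidates}


if __name__ == "__main__":
    for uri, verdict in preflight(SAMPLE_URIS).items():
        print(f"{verdict:18} {uri}")
```

The storage and CDN hosts are rejected because they belong to shared Microsoft domains rather than to the tenant; the CDN form passes only once a custom domain that the tenant has verified is used in its place.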