Objective: Make the Tab multi-tenant.
Scenario: There is a bot, and we added a static tab as a feature. "Add a feature" was available in Teams Toolkit version 4.x.x. The tab is working fine after deploying to the organization.
As the next step in our progress, we submitted our app for testing to the Microsoft team and came to know that our tab is not rendering in other organizations.
In our own organization there is no error, but when using the app in another org we are unable to get the token to connect to Graph API and Azure.
**error_description**:

```
"AADSTS500011: The resource principal named api://xxxxxxxxx6tab.z13.web.core.windows.net/botid-4xxxxxxx-1xxx-xxxx-xxxx-xxxxxxxxxxxx was not found in the tenant named 4z8g2m. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: xxxxxxx5-xxx4-xxx9-xxxc-xxxxxxxxxx0\r\nCorrelation ID: xxxxxxxxce-xxx3-xxx8-xxx5-xxxxxxxxxxxxx3\r\nTimestamp: 2023-05-30 01:45:04Z"
error_uri : "https://login.microsoftonline.com/error?code=500011"
timestamp : "2023-05-30 01:45:04Z"
trace_id : "xxxxxxx5-xxx4-xxx9-xxxc-xxxxxxxxxx0"
```
On exploring more details we came to know that our Azure AppName-add that got generated during the deployment was single-tenant. To make the app accessible in multiple orgs we need to make the app Multi-Tenant.
For this, we had to change our app's supported account type.
**Blockers**:
To change this we have to use a custom domain, as it does not allow updating the account type on an unverified domain. This domain and URI were auto-generated during deployment, so we don't have direct access to them.
If we check the documentation and other associated blogs, it says we will get a Custom domain option in the list, but we don't have any. Check the above screenshot for the same.
Issue: When we added a custom domain it also didn't work, and our custom domain threw an error.
Still our app is not multi-tenant. When we open the generated static tab URL, it opens our web app with the error. We handled such errors with an error screen.
Please comment back if more details are needed.
Resources followed to fix:
- https://www.c-sharpcorner.com/blogs/azure-new-restrictions-to-azurewebsitesnet-domain
- https://azure.github.io/AppService/2020/07/28/zero_to_hero_pt5.html#upate-dns
- https://learn.microsoft.com/en-us/azure/virtual-machines/custom-domain?wt.md_id=searchAPI_azureportal_inproduct_rmskilling&sessionId=37f4413221b54953aa1b751b4fb8a130
- https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains
- Error after changing my Application ID URI to CDN endpoint
- Cannot Provision Teams App due to Storage domain conflict
- Redirect URI for MSAL authentication in (React app for MS Teams)
Current status of issue (addition of custom domain and making the app multi-tenant): Not worked

Possible issues:
- Not sure if the redirection of the tab URL to the custom domain is working properly.
- Multiple redirections taking place.
- Unable to find clues from DNS lookup.
- App is unable to get hosted on the desired URL (if required).
- Implemented all approaches mentioned in the above blogs and docs, but nothing worked.
- Difficulties: Bot Framework got upgraded to version 5 on 17/05/2023. Documents and the options are not aligning as they are old.

Similar questions associated with the problem and errors:
- Cannot update authentication as Multi tenant under registered application in Azure
- https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain?tabs=root%2Cazurecli
- https://dev.to/dailydevtips1/adding-a-custom-domain-to-azure-app-service-28bh
None of the above listed methods are working.