Hello all,
We are facing the issue below when we set up OneDrive, Mail and Power BI integration with on-premises. We cannot use multi-tenant when we do the app registration. The MS documentation also says we can use single tenant if we are not going to use multi-tenant.
Here is part of the MS documentation:
Specifies the accounts that you would like your application to support. If you're going to use different Azure AD tenants for different Business Central tenants, then select Accounts in any organizational directory (Any Azure AD directory - Multitenant). Otherwise, you can choose Accounts in this organizational directory only (Single tenant).
Error in Event Viewer:
Server instance: XXXXXX
Category: Security
ClientSessionId: xxxxxx-xxxxx-xxxx-xxxx-b6a148ee6388
ClientActivityId: xxxxxx-xxxxx-xxxx-xxxx-93a5aa1988c3
ServerSessionUniqueId: xxxxxx-xxxxx-xxxx-xxxx-91524c9c9d7f
ServerActivityId: xxxxxx-xxxxx-xxxx-xxxx-082786d39a8a
EventTime: 12/23/2022 02:06:54
Message Microsoft.Dynamics.Nav.LicensingService.Model.Exceptions.LicenseServiceAdalServiceException in
AcquireTokenByAuthorizationCodeAsync (action id: 265340aa-46c8-4d4f-a601-5b0876deeb0d):
AADSTS50194: Application 'xxxxxx-xxxxx-xxxx-xxxx-7'(Business-Central-SingleSign-On) is not configured as a multi-tenant application.
Usage of the /common endpoint is not supported for such applications created after '10/15/2018'.
Use a tenant-specific endpoint or configure the application to be multi-tenant.
Trace ID: xxxxxx-xxxxx-xxxx-xxxx-f6a1373b1901
Correlation ID: xxxxxx-xxxxx-xxxx-xxxx-30978f021e3f
Timestamp: 2022-12-23 02:06:54Z
ProcessId: 9300
Tag: 0000I7R
ThreadId: 27
CounterInformation:
CustomParameters: {
}
GatewayCorrelationId:
You can see the MS Base App hardcodes the generation of the AuthEndPoint. How can we use the tenant id instead of "common"? Or how did you guys solve this issue?
On-premises version:
Update 21.2 for Microsoft Dynamics 365 Business Central 2022 Release Wave 2
Application Build 21.2.49990
Platform Build 21.0.49984
Just FYI, even when we hit this error we can still get the authorization code, but there is an error popup that stops the process.
Hello Marco Mels,
I really appreciate your reply.
It's working if we set AzureADMultipleOrgs for SignInAudience. But it should work for AzureADMyOrg as well. Some companies are not allowed to use (Any Azure AD directory - Multitenant) as per their security policy, and we cannot force them to change their policy either.
You can see MS hardcoded how "AzureADAuthEndPoint" is obtained and there is no way to override this code. Seems like a bug.
Marco Mels wrote: "we will update our docs related to setting up enhanced email". It's not only for email. It affects OneDrive and Power BI as well.
Thanks a lot for your support and happy new year!
Hello,
We received a few support requests around this topic. As a result, we will update our docs related to setting up enhanced email. The new requirement is to configure the Azure AD app registration as multitenant.
In the manifest of the Azure AD app you can change the following key:
SignInAudience => AzureADMyOrg
Change to:
SignInAudience => AzureADMultipleOrgs
Save the changes for the changes to take effect.
/Common/ is no longer supported by Azure but you can still use {AADTENANTID} in the customsettings.config file for the two relevant keys.
Thank you.
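A pre-flight check for the mismatch discussed in this thread (a single-tenant registration combined with the shared /common authority, which Azure AD rejects with AADSTS50194), as an added example that is not code from the thread or from Microsoft. It reads a constructed app-manifest fragment and a constructed customsettings.config fragment; the key names and GUIDs are hypothetical placeholders, since the thread does not name the two affected keys.

```python
import json
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed app-registration manifest fragment (hypothetical appId).
MANIFEST_JSON = '{"appId": "00000000-0000-0000-0000-000000000000", "signInAudience": "AzureADMyOrg"}'

# Constructed customsettings.config fragment; the key names are hypothetical placeholders.
CONFIG_XML = """<appSettings>
  <add key="ExampleAuthorityEndpoint" value="https://login.microsoftonline.com/common/oauth2/authorize" />
  <add key="ExampleTokenEndpoint" value="https://login.microsoftonline.com/common/oauth2/token" />
</appSettings>"""

TENANT_ID = "11111111-1111-1111-1111-111111111111"  # constructed tenant id

# Authority segments that only work for multi-tenant registrations.
SHARED_AUTHORITIES = {"common", "organizations", "consumers"}

def authority_segment(url):
    """Return the tenant segment of a login.microsoftonline.com URL, or None."""
    parts = urlparse(url).path.strip("/").split("/")
    return parts[0] if parts and parts[0] else None

def check_endpoints(manifest_json, config_xml, tenant_id):
    """Return (signInAudience, findings); each finding is (key, bad segment, tenant-specific URL).

    A finding means the registration is single-tenant (AzureADMyOrg) while the
    configured endpoint still goes through a shared authority, which is the
    combination that produces AADSTS50194 at token acquisition time.
    """
    audience = json.loads(manifest_json)["signInAudience"]
    root = ET.fromstring(config_xml)
    findings = []
    for add in root.iter("add"):
        key, value = add.get("key"), add.get("value")
        seg = authority_segment(value)
        if audience == "AzureADMyOrg" and seg in SHARED_AUTHORITIES:
            # Keep the registration single-tenant and point the endpoint at the tenant instead.
            fixed = re.sub(r"/(common|organizations|consumers)/", "/%s/" % tenant_id, value, count=1)
            findings.append((key, seg, fixed))
    return audience, findings

if __name__ == "__main__":
    audience, findings = check_endpoints(MANIFEST_JSON, CONFIG_XML, TENANT_ID)
    for key, seg, fixed in findings:
        print("%s uses /%s/ with signInAudience=%s; tenant-specific value: %s" % (key, seg, audience, fixed))
```

Run it against the real manifest and config before enabling the integration; an empty findings list means either the registration is multi-tenant or every endpoint already names the tenant.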