MS Graph API permission for multiple tenant
We have a web application that uses Graph APIs; we granted it application permissions in the app registration. Now we want to put the application on Microsoft AppSource. Is it possible to allow users of other tenants to use the permissions of the app registration in our tenant? For example, one of the APIs is for creating calendar events for some users in this tenant. If we use a multi-tenant app registration, can people from other tenants create calendar events in their tenant successfully?
if use multi-tenant app registration, can people from other tenant create calendar event in their tenant successfully?
Agree with @Tiny Wang, Yes we can do this, the multi-tenant Azure AD app should obtain authorization from other tenants, and when other tenants wish to create calendar events in their own tenant, they should specify their own tenant id when generating access tokens.
You can implement "Get access without a user" and use Application permission to create calendar events.
Make sure that we get administrator consent for each tenant that we need to access.
For example, if one app is registered in TenantA and you want to create calendar events in TenantB, then we need to do admin consent as mentioned below: log in with an admin account of TenantB to do the admin consent for TenantB.
Access the following URL in a browser:
https://login.microsoftonline.com/{TenantB}/adminconsent
?client_id={ app registered in TenantA}
&state=12345
&redirect_uri={app registered in TenantA}
Then we will get an access token to create a calendar event for tenant B.
For more information please refer to the links below:
SO THREAD | Error trying to access other tenant users calendars, using MS Graph API & Multi tenant support for Microsoft Graph API
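The flow in the answer above, as an added Python example that is not part of the original post: it builds the TenantB admin consent URL with a random per-request `state` instead of a fixed `12345`, validates the redirect that comes back, and prepares the client-credentials token request against the consenting tenant. The function names are hypothetical and the tenant, client and redirect values are placeholders; the callback parameters (`admin_consent`, `tenant`, `state`, `error`) are the ones Microsoft documents for the admin consent response.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"


def admin_consent_url(customer_tenant, client_id, redirect_uri):
    """Return (url, state); keep state in the admin's session until the callback."""
    state = secrets.token_urlsafe(16)  # unpredictable, unlike a constant 12345
    query = urlencode({"client_id": client_id, "state": state,
                       "redirect_uri": redirect_uri})
    return f"{AUTHORITY}/{customer_tenant}/adminconsent?{query}", state


def consented_tenant(callback_url, expected_state):
    """Validate the post-consent redirect and return the consenting tenant id."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in params:
        raise PermissionError(params.get("error_description", params["error"]))
    if params.get("admin_consent", "").lower() != "true" or "tenant" not in params:
        raise PermissionError("admin consent was not granted")
    return params["tenant"]


def token_request(tenant_id, client_id, client_secret):
    """Client-credentials request sent to the customer's tenant, not TenantA."""
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return url, form


if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    tenant_b = "00000000-0000-0000-0000-0000000000b2"
    client = "11111111-1111-1111-1111-111111111111"
    redirect = "https://app.example.com/consent/callback"
    url, state = admin_consent_url(tenant_b, client, redirect)
    print(url)
    callback = f"{redirect}?admin_consent=True&tenant={tenant_b}&state={state}"
    tenant = consented_tenant(callback, state)
    print(token_request(tenant, client, "<client-secret-from-vault>")[0])
```

Record the tenant id returned by `consented_tenant` and request tokens only for tenants recorded that way; a token issued by one tenant is valid only for Graph data in that tenant.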