
How can I allow public login on my app registration in my Azure Tenant?

I'm trying to create an app hosted in Azure that (should) allow public login, as long as you have a Microsoft account. I don't care if it's a business or personal account. You just need to be able to log in. I'm creating a SPA and an API.

So I went to the Azure portal and created an app registration and configured the app reg to allow all users from within, or outside the organization with a valid personal or business Microsoft account.

Now the SPA is an Angular app and I use Damien Bod's OpenId library to log in. When I point the stsServer to my login endpoint ( https://login.microsoftonline.com/{my-tenant-id}/v2.0 ) and log in, all works fine, except when I log in using an account outside the organization (for example my personal account).

I receive the following error:

AADSTS50020: User account 'xxxx@xxxx.xxx' from identity provider 'https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/' does not exist in tenant 'Default Directory' and cannot access the application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'(App Name) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Now the problem is that I simply don't want to add all these users, but allow them access to this app. How can I do that?

Thanks a bunch!

If you want to allow any account to sign in, you can't use your tenant-specific login endpoint. You need to use the "common" endpoint: https://login.microsoftonline.com/common/v2.0 . This allows login with any Azure AD / Personal Microsoft account.
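As an added example (not from the question or the answer above, and not the angular-auth-oidc-client API), here is a small Node.js helper that builds the authority URL for either case and performs the issuer check a resource needs once the common endpoint is in use: tokens then carry the signing tenant's own id in the issuer claim rather than the literal word "common". The sample token builder is a constructed, unsigned stand-in for demonstration only.

```javascript
const LOGIN_HOST = 'https://login.microsoftonline.com';
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Build the v2.0 authority (the stsServer value). A tenant id restricts sign-in
// to that directory; 'common' accepts any Azure AD or personal Microsoft account.
function buildAuthority(tenant) {
  if (tenant !== 'common' && !GUID_RE.test(tenant)) {
    throw new Error('tenant must be "common" or a tenant id GUID');
  }
  return `${LOGIN_HOST}/${tenant}/v2.0`;
}

// Issuer check for a decoded ID token payload. With a tenant-specific authority
// the issuer must match exactly. With 'common' the issuer claim is still
// tenant-specific (https://login.microsoftonline.com/<tenant-id>/v2.0), so a
// strict equality check against the authority would reject every token; accept
// any issuer of that shape instead and return the tenant id for audit logging.
function validateIssuer(payload, authority) {
  const iss = payload.iss;
  if (typeof iss !== 'string') return { ok: false, reason: 'missing iss' };
  if (authority !== buildAuthority('common')) {
    return iss === authority
      ? { ok: true, tenantId: payload.tid }
      : { ok: false, reason: 'issuer does not match configured tenant' };
  }
  const m = iss.match(/^https:\/\/login\.microsoftonline\.com\/([^/]+)\/v2\.0$/);
  if (!m || !GUID_RE.test(m[1])) {
    return { ok: false, reason: 'issuer is not a Microsoft identity platform tenant' };
  }
  if (typeof payload.tid !== 'string' || payload.tid.toLowerCase() !== m[1].toLowerCase()) {
    return { ok: false, reason: 'tid claim does not match issuer tenant' };
  }
  return { ok: true, tenantId: m[1].toLowerCase() };
}

// Decode a JWT payload (base64url JSON). Signature verification remains the OIDC
// library's job against the JWKS it discovers; this only reads the claims.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

// Constructed sample token (alg none, empty signature) for demonstration only.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}
```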
