Authentication with Microsoft Azure AD in a multi-tenant app

Following the documentation, I registered an application with "Accounts in any organizational directory". The Tenant where the application resides is in "Default Directory" and has only one user. Also, the app has user assignment (as pointed out here) set to No.


Afterwards, I created another Tenant (different directory) and invited the external user. That's the user I'm having trouble logging into the previously created app with.

Then, I enabled OAuth2 support using social_core.backends.azuread.AzureADOAuth2 (from here).

As I try to authenticate now, it works well with but with gives the following error

Selected user account does not exist in tenant 'Default Directory' and cannot access the application 'a9a22676-8a1c-4297-95d3-8cd89553220e' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

Microsoft Auth Error

The problem is the URL the user is redirected to. According to the docs, multi-tenant applications should redirect to

As we see in the Python Social Auth AzureADOAuth2 class, the BASE_URL is

BASE_URL = "https://{authority_host}/{tenant_id}"

Since authority_host = "" and tenant_id="common", we'd get the wrong url.

After changing that and signing in with the same user, I now get a request to add the permissions.


Reported that issue here too.
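
An added example, not part of the original post or of Python Social Auth: it builds the authorization URL on the BASE_URL pattern quoted above and flags a tenant path segment that contradicts the app registration. It goes one step beyond the post by also checking the `tid` claim, since on a shared endpoint any directory can issue the token. The authority host, the function names and all GUIDs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlencode

# Assumption: Azure public-cloud authority host (sovereign clouds use others).
AUTHORITY_HOST = "login.microsoftonline.com"
# Path segments that are not bound to a single directory.
SHARED_SEGMENTS = {"common", "organizations", "consumers"}
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def authorize_url(tenant_id, client_id, redirect_uri, authority_host=AUTHORITY_HOST):
    """Build the authorization URL from the BASE_URL pattern shown in the post."""
    base_url = "https://{authority_host}/{tenant_id}".format(
        authority_host=authority_host, tenant_id=tenant_id)
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri})
    return f"{base_url}/oauth2/authorize?{query}"


def routing_findings(multi_tenant, tenant_id):
    """Return findings where the tenant segment contradicts the registration."""
    findings = []
    if not tenant_id:
        findings.append("empty tenant segment: the URL names no directory")
    elif multi_tenant and tenant_id not in SHARED_SEGMENTS:
        findings.append("multi-tenant app pinned to one directory: accounts "
                        "that do not exist in it are rejected at sign-in")
    elif not multi_tenant and tenant_id in SHARED_SEGMENTS:
        findings.append("single-tenant app should use its own tenant id, "
                        "not a shared endpoint")
    return findings


def tenant_allowed(id_token_claims, allowed_tenant_ids):
    """Compare the token's 'tid' claim with the directories the app serves."""
    tid = str(id_token_claims.get("tid", "")).lower()
    return bool(GUID_RE.match(tid)) and tid in {t.lower() for t in allowed_tenant_ids}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    home = "11111111-1111-1111-1111-111111111111"
    app = "00000000-0000-0000-0000-000000000000"
    print(authorize_url("common", app, "https://app.example/complete/"))
    print(routing_findings(True, home))
    print(tenant_allowed({"tid": home}, [home]))
```

Claims passed to `tenant_allowed` must come from an ID token whose signature has already been verified.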
