Cross-tenant Azure auth with no secrets (and the AADSTS700236 trap)
Read OriginalThis article provides a technical guide for cross-tenant authentication in Microsoft Entra (Azure AD) without using secrets. It explains how to use Managed Identity, multi-tenant App Registration, and Federated Identity Credentials (FIC) to authenticate across multiple tenants. The article highlights a common mistake (AADSTS700236 error) where developers incorrectly assume tenant-to-tenant FIC works directly, and then presents the correct setup: creating a multi-tenant app in the home tenant, configuring FIC with the Managed Identity's issuer and subject, and registering the app in each target tenant. This approach eliminates secret management and rotation burdens, ideal for automations like multi-tenant reporting.
Comments
No comments yet
Be the first to share your thoughts!
Browser Extension
Get instant access to AllDevBlogs from your browser
Top of the Week
No top articles yet