Shaun Wilkinson 6/23/2026

Cross-tenant Azure auth with no secrets (and the AADSTS700236 trap)

Read Original

This article provides a technical guide for cross-tenant authentication in Microsoft Entra (Azure AD) without using secrets. It explains how to use Managed Identity, multi-tenant App Registration, and Federated Identity Credentials (FIC) to authenticate across multiple tenants. The article highlights a common mistake (AADSTS700236 error) where developers incorrectly assume tenant-to-tenant FIC works directly, and then presents the correct setup: creating a multi-tenant app in the home tenant, configuring FIC with the Managed Identity's issuer and subject, and registering the app in each target tenant. This approach eliminates secret management and rotation burdens, ideal for automations like multi-tenant reporting.

Cross-tenant Azure auth with no secrets (and the AADSTS700236 trap)

Comments

No comments yet

Be the first to share your thoughts!

Browser Extension

Get instant access to AllDevBlogs from your browser

Top of the Week

No top articles yet