Report #55431
[bug_fix] AADSTS700016: Application with identifier 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' was not found in the directory 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.
If the app is single-tenant, register a new App Registration in the target tenant (Azure AD) to obtain a new client ID valid for that tenant, or switch the existing app to multi-tenant in the App Registration manifest (set 'signInAudience' to 'AzureADMultipleOrgs') and ensure the admin of the target tenant consents to the application. The root cause is that an application registration (client ID) is bound to the tenant where it was created; other tenants do not recognize the client ID unless the app is multi-tenant and properly consented.
Journey Context:
Developer builds a SaaS app that integrates with Microsoft Graph. They register an app in their 'DevCorp' tenant, hardcode that client ID in their Node.js app. They test it in DevCorp, it works. They onboard a customer from 'OtherCorp' tenant. The customer tries to log in, gets AADSTS700016. Developer checks the client ID in the error, confirms it matches their dev one. They realize the error says 'not found in the directory OtherCorp'. They search the error code and learn that app registrations are tenant-specific. They consider making the app multi-tenant. They go to App Registration > Manifest, change 'signInAudience' to 'AzureADMultipleOrgs'. They try again, now get a consent error. They generate an admin consent URL, send it to the OtherCorp admin, who consents. The login succeeds. Alternatively, for single-tenant requirements, they register a separate app in OtherCorp with a new client ID and use that for that specific deployment.
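The following Node.js snippet is an added example, not code from the report or from the developer's app. It covers the two steps the fix above describes: confirming from the AADSTS700016 text that the client ID is being presented to a tenant other than the one it was registered in, picking the authority endpoint the app must use once it is multi-tenant (a multi-tenant app must stop hardcoding its home tenant and use the 'organizations' endpoint or the customer's tenant ID), and building the v2.0 admin consent URL to send to the OtherCorp admin. All GUIDs are constructed placeholders; `parseAadsts700016`, `diagnose`, `authorityFor` and `adminConsentUrl` are names chosen here. It uses only Node.js built-ins.

```javascript
// Added example (not from the original report). Helpers for diagnosing
// AADSTS700016 and for the multi-tenant remediation described above.
// All tenant and client IDs are constructed placeholders.

const DEVCORP_TENANT = '11111111-1111-1111-1111-111111111111';   // constructed home tenant
const OTHERCORP_TENANT = '22222222-2222-2222-2222-222222222222'; // constructed customer tenant
const CLIENT_ID = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa';         // constructed app (client) ID

const GUID_RE = /[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}/gi;

// Extract the client ID and directory (tenant) ID that AADSTS700016 quotes,
// in the order they appear in the message. Returns null for other errors.
function parseAadsts700016(message) {
  if (!/\bAADSTS700016\b/.test(message)) return null;
  const ids = message.match(GUID_RE) || [];
  if (ids.length < 2) return null;
  return { clientId: ids[0].toLowerCase(), directoryId: ids[1].toLowerCase() };
}

// Compare what the error says with what we know about our own registration.
// registration = { clientId, homeTenantId, signInAudience }
function diagnose(message, registration) {
  const seen = parseAadsts700016(message);
  if (!seen) return 'not-AADSTS700016';
  if (seen.clientId !== registration.clientId.toLowerCase()) {
    return 'different-client-id';            // the error is about some other app's ID
  }
  if (seen.directoryId === registration.homeTenantId.toLowerCase()) {
    return 'unknown-in-home-tenant';         // typo in the ID or the registration was deleted
  }
  if (registration.signInAudience === 'AzureADMyOrg') {
    return 'single-tenant-app-in-foreign-tenant'; // the root cause this report describes
  }
  return 'multi-tenant-app-not-consented';   // admin of that tenant still has to consent
}

// The authority the app must send authorize/token requests to. A single-tenant
// app only works against its home tenant; a multi-tenant app must not hardcode
// the home tenant and instead uses 'organizations' (or the customer's tenant).
function authorityFor(registration, customerTenantId) {
  const base = 'https://login.microsoftonline.com/';
  switch (registration.signInAudience) {
    case 'AzureADMyOrg':
      return base + registration.homeTenantId;
    case 'AzureADMultipleOrgs':
      return base + (customerTenantId || 'organizations');
    case 'AzureADandPersonalMicrosoftAccount':
      return base + (customerTenantId || 'common');
    default:
      throw new Error('unknown signInAudience: ' + registration.signInAudience);
  }
}

// Build the v2.0 admin consent URL for a target tenant. When that tenant's admin
// accepts it, the app gets a service principal there, which is what AADSTS700016
// reports as missing.
function adminConsentUrl({ tenantId, clientId, redirectUri, scope, state }) {
  const url = new URL(`https://login.microsoftonline.com/${tenantId}/v2.0/adminconsent`);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('scope', scope || 'https://graph.microsoft.com/.default');
  url.searchParams.set('redirect_uri', redirectUri);
  if (state) url.searchParams.set('state', state);
  return url.toString();
}

// Constructed error text in the shape AAD returns for this code.
const SAMPLE_ERROR =
  `AADSTS700016: Application with identifier '${CLIENT_ID}' was not found in ` +
  `the directory '${OTHERCORP_TENANT}'. This can happen if the application has ` +
  `not been installed by the administrator of the tenant or consented to by any user in the tenant.`;

const singleTenantApp = { clientId: CLIENT_ID, homeTenantId: DEVCORP_TENANT, signInAudience: 'AzureADMyOrg' };
const multiTenantApp = { ...singleTenantApp, signInAudience: 'AzureADMultipleOrgs' };

console.log(diagnose(SAMPLE_ERROR, singleTenantApp));   // single-tenant-app-in-foreign-tenant
console.log(authorityFor(multiTenantApp));              // https://login.microsoftonline.com/organizations
console.log(adminConsentUrl({
  tenantId: OTHERCORP_TENANT,
  clientId: CLIENT_ID,
  redirectUri: 'https://app.example/auth/consent-callback', // constructed
  state: 'onboarding-othercorp',
}));
```

The `diagnose` result distinguishes the case in this report (a single-tenant registration being used from another directory) from the follow-on state after flipping `signInAudience`, where the remaining step is the admin consent that the journey above ends with.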
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-19T23:32:00.241982+00:00 — report_created — created