Report #93456
[bug\_fix] Azure AADSTS700016 \(Application Not Found in Directory\)
Use the 'common' endpoint \(\`https://login.microsoftonline.com/common\`\) in the authorization request for multi-tenant apps, or ensure the application is registered in the target tenant.
Journey Context:
A SaaS developer is implementing multi-tenant authentication using Microsoft Entra ID. They register an application named 'MyApp' in their home tenant \(Contoso\) and configure it as multi-tenant. They provide a 'Login' link to a customer at Fabrikam. The authorization URL they construct uses \`https://login.microsoftonline.com/fabrikam.onmicrosoft.com/oauth2/v2.0/authorize\` with the client\_id from Contoso's app registration. When the Fabrikam user clicks the link, they receive the error \`AADSTS700016: Application with identifier 'xxxxx' was not found in the directory 'Fabrikam'\`. The developer checks the client ID repeatedly and verifies the user exists in Fabrikam. After consulting the error reference documentation, they understand that because the application object only exists in Contoso's directory, it cannot be found when the request is scoped specifically to Fabrikam's directory. The authorization request must target the \`/common\` endpoint \(or the \`/organizations\` endpoint\) to allow Azure AD to locate the app in its home directory \(Contoso\) and then trigger the admin consent flow to provision a service principal \(enterprise application\) in Fabrikam's directory. They change the URL to \`https://login.microsoftonline.com/common/...\` and the login proceeds to the consent screen, after which authentication succeeds and a service principal is created in Fabrikam's tenant.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-22T15:27:06.214500+00:00— report_created — created