Multi-tenant MS 365 support

Hi,
currently, Zammad allows configuring only a single MS 365 tenant, see admin documentation:
https://admin-docs.zammad.org/en/latest/channels/microsoft365/accounts.html

Thus, so far it is only possible to add email accounts that belong to a single MS 365 tenant.

Consider adding to Zammad’s roadmap a feature to configure more than one (unlimited) MS 365 tenant - please add/develop a multi-tenant MS 365 support.

Here is a link to a similar technical assistance request:

That is not correct.
If you don’t use tenant-specific apps this should work out of the box already.

In my on-prem v5.0 community Zammad, once a Microsoft 365 app is configured, I can only add email accounts that belong to the same MS Azure/MS365 tenant where I configured the Microsoft 365 app.
When trying to add MS365 email accounts from other tenants, the browser navigates to the URL:
https://login.microsoftonline.com/[currently_added_tenant_tld]/oauth2/v2.0/authorize?

When providing MS365 account credentials that belong to another MS tenant, the MS service throws an error:

Sorry, but we’re having trouble with signing you in.
User account 'xxxxx@tenant2-domain.com' from identity provider 'https://sts.windows.net/XXXXXXXXXXX/' does not exist in tenant '[Configure-tenant-name]' and cannot access the application 'YYYYYYYYYYYYYY'(Zammad) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

As I said: You’re using tenant-specific app configurations.
The documentation does roughly state the differences.

You’ll wanna look at “Supported account types”.
This is as far as I can help.

Evidently, you mean adding an MS365 email account via IMAP protocol.
Adding via IMAP works well for a personal outlook/hotmail account.
However, it doesn’t work for an MFA-enabled MS365 email account.

Ok, I got that you refer to the following URL in admin documentation:
https://admin-docs.zammad.org/de/latest/settings/security/third-party/microsoft.html?highlight=Supported%20account%20types#limitations

This states the following:

> Supported account types:
> Please note that Zammad only supports these account types (App dependent):
> * Accounts in this organizational directory only (Default Directory only - Single tenant)
> * Accounts in any organizational directory (Any Azure AD directory - Multitenant)
> * Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

I need to say that I have configured Zammad in my Azure to allow the most open concept:
- Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts
Would you be so kind as to share the know-how on how to add email accounts from other MS365/Azure tenants once you have added the first MS tenant?

I need to confess that I could succeed in adding another tenant’s emails - to achieve it you should clear (leave empty) the “TENANT UUID/NAME” field on the “Configure (MS365) App” form.

The topic can be closed.

Wrong thread. Please don’t hijack / recycle other topics - especially not in feature request categories. Open your own technical assistance thread, please.

Sorry, thought the topic would fit.
Moving it to here: Use multiple office 365 channels