Unable to Sign-in via Azure AD (Entra) to the API Management Developer Portal
Overview
Recently I came across an issue while trying to set up Azure AD (Microsoft Entra) login for the Developer Portal in API Management. The goal was to allow users to sign in using their Azure accounts instead of creating separate usernames and passwords, reducing the need for credential management.
To configure Azure AD as the identity provider, I followed Microsoft’s recommended approach by using the Enable Azure AD button available in the Developer Portal > Portal Overview section of the API Management instance.
This automatic setup handles the manual steps of registering the Azure AD application, assigning the necessary permissions, and linking it to the Developer Portal.
While the setup process is straightforward, I encountered an issue during sign-in. After enabling Azure AD and attempting to log in with an account from the target Azure tenant, I received the following error:
It seemed that the authentication request was being routed to my home tenant instead of the client’s tenant. This issue also occurred when testing the Developer Portal on my own Azure subscription.
Resolving the Issue
After some troubleshooting, I discovered that the problem was related to the Signing tenant configuration in the Azure AD identity settings. To resolve the issue, I specified the client’s Azure tenant in the Signing tenant field. Here’s how I fixed it:
- Open the Azure portal and navigate to the API Management instance in question.
- Go to Identities > Azure Active Directory.
- Set the Signing tenant to the target tenant’s domain (e.g.,
clientname.onmicrosoft.com).
4. Leave the other settings as they are and save.
This change ensured that authentication requests were sent to the correct Azure tenant, and users could successfully sign in using their Azure accounts.
Sign-in using Azure Entra now works happily!
