Is there any valid way to revoke admin consent / remove service principal for a Multi tenant app in a client tenant

Question

Hello,

It is a SAAS story.

First, I would like to collect some information in client tenants. One way to perform this task is to create a multi tenant application and work with client tenants with it. So, I have a multi tenant application in my tenant (an Application object and a Service Principal object). Then I have asked for an admin consent for each client tenant. Currently, I have a Service Principal object with all the required permissions consented in client tenants. I can successfully obtain any information I need in these tenants.

Later, I want my application to stop working for some of these tenants. I would like to break "the connection" with my application in a one-sided way. Are there any options available? Or is there any other, a much more proper approach to do all of that?

Thanks in advance!

Answer 1

Consent is granted/revoked by the tenant "consuming" the application, you as the owner of the app don't have a say in it. If you want to block your app for specific tenants, do it in code. For example, you can examine the access token and get the tenant information from there, then disable any processing for "blocked" tenants.

Answer 2

Hello @Nikita Krivets ,

Thanks for reaching out and apologize for delayed response.

I would like to share this thread where similar question was asked and answered already.

Hope this helps.

Regards,
Siva

Answer 3

Hello @Nikita Krivets ,

We have a similar scenario for our app, did you find a way to remove/revoke the child tenant?

thanks
Ravi