How to modify the accounts supported by an application

When you registered your application with the Microsoft identity platform, you specified who (which account types) can access it. For example, you might've specified accounts only in your organization, which is a single-tenant app. Or, you might've specified accounts in any organization (including yours), which is a multi-tenant app.

In the following sections, you learn how to modify your app's registration in the Azure portal to change who, or what types of accounts, can access the application.

Prerequisites

Change the application registration to support different accounts

To specify a different setting for the account types supported by an existing app registration:

  1. Sign in to the Azure portal.

  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.

  3. Search for and select Azure Active Directory.

  4. Under Manage, select App registrations, then select your application.

  5. Now, specify who can use the application, sometimes referred to as the sign-in audience.

    | Supported account types | Description |
    | --- | --- |
    | Accounts in this organizational directory only | Select this option if you're building an application for use only by users (or guests) in your tenant. Often called a line-of-business (LOB) application, this is a single-tenant application in the Microsoft identity platform. |
    | Accounts in any organizational directory | Select this option if you'd like users in any Azure AD tenant to be able to use your application. This option is appropriate if, for example, you're building a software-as-a-service (SaaS) application that you intend to provide to multiple organizations. This is known as a multi-tenant application in the Microsoft identity platform. |

  6. Select Save.

Why changing to multi-tenant can fail

Switching an app registration from single- to multi-tenant can sometimes fail due to Application ID URI (App ID URI) name collisions. An example App ID URI is https://contoso.onmicrosoft.com/myapp.

The App ID URI is one of the ways an application is identified in protocol messages. For a single-tenant application, the App ID URI need only be unique within that tenant. For a multi-tenant application, it must be globally unique so Azure AD can find the app across all tenants. Global uniqueness is enforced by requiring that the App ID URI's host name matches one of the Azure AD tenant's verified publisher domains.

For example, if the name of your tenant is contoso.onmicrosoft.com, then https://contoso.onmicrosoft.com/myapp is a valid App ID URI. If your tenant has a verified domain of contoso.com, then a valid App ID URI would also be https://contoso.com/myapp. If the App ID URI doesn't follow the second pattern, https://contoso.com/myapp, converting the app registration to multi-tenant fails.
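The host-name rule above can be checked before attempting the switch. The following is an added example, not code from Microsoft or from this page; the function names, the exact-match comparison and the sample URIs beyond the contoso ones are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def uri_host(app_id_uri):
    """Return the lower-cased host name of an App ID URI, or None if it has none."""
    try:
        host = urlsplit(app_id_uri.strip()).hostname
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return None
    return host.rstrip(".").lower() if host else None

def blocking_uris(app_id_uris, verified_domains):
    """Return (uri, reason) pairs for URIs whose host is not a verified domain."""
    verified = {d.strip().rstrip(".").lower() for d in verified_domains}
    problems = []
    for uri in app_id_uris:
        host = uri_host(uri)
        if host is None:
            problems.append((uri, "no host name in URI"))
        elif host not in verified:
            # Exact comparison on purpose (assumed reading of "matches"):
            # substring or suffix tests would accept look-alike hosts such
            # as contoso.com.example.net.
            problems.append((uri, f"host {host!r} is not a verified domain"))
    return problems

# Constructed sample data; the first two URIs and both domains come from the text.
VERIFIED = ["contoso.onmicrosoft.com", "contoso.com"]
URIS = [
    "https://contoso.onmicrosoft.com/myapp",
    "https://contoso.com/myapp",
    "https://CONTOSO.com/other",              # host names are case-insensitive
    "https://myapp.internal/api",             # host not verified for the tenant
    "https://contoso.com.example.net/myapp",  # look-alike, not contoso.com
    "myapp",                                  # no scheme, so no host name
]

if __name__ == "__main__":
    for uri, reason in blocking_uris(URIS, VERIFIED):
        print(f"BLOCKS multi-tenant switch: {uri} ({reason})")
```

Any URI the check reports needs to be changed to use a verified domain before the registration is switched to multi-tenant.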

For more information about configuring a verified publisher domain, see Configure a verified domain.

Next steps

Learn more about the requirements for converting an app from single- to multi-tenant.