AZURETENANTID - Detailed description

FM-Portal

IC2869
Overview

Parameter: AZURETENANTID
Category: Login
Default value: (empty)
Product: eTASK.Login


What does this parameter do?

AZURETENANTID stores the unique directory ID (tenant ID) of your Microsoft Azure Active Directory organization. This ID identifies your Azure tenant and is required, along with AZURECLIENTID, to enable Azure login on the portal. The tenant defines which organization in Azure is responsible for authentication.


What is this parameter used for?

The parameter is used when:

  • Users need to sign in to the portal with their Microsoft 365 or Azure AD accounts

  • Azure Active Directory authentication needs to be configured

  • Users need to be imported from a specific Azure AD tenant


Technical Details

Format: GUID (Globally Unique Identifier)
Default value: (empty)

Valid value:

  • A GUID in the format: 12345678-1234-1234-1234-123456789abc

  • Example: b8e4f0e2-3c5d-7e9f-0a2b-4c6d8e0f3a4b

Important notes:

  • The tenant ID must be entered exactly as it appears in Azure

  • Together with AZURECLIENTID, this parameter forms the authentication pair for Azure

  • The tenant ID defines the authority URL for Microsoft authentication

  • The GUID is not case-sensitive


When should you change this value?

Set the value (enter the GUID) if:

  • You want to enable Azure Active Directory sign-in for your organization

  • You want to use Microsoft 365 integration for your company

  • You want to automatically synchronize users from your Azure AD directory

Leave the value blank if:

  • You do not need Azure Active Directory integration

  • You use only on-premises portal accounts or classic Active Directory

  • Your organization does not have a Microsoft 365 or Azure tenant


Important Notes

  1. Azure tenant required
    You need a Microsoft Azure tenant. Every Microsoft 365 organization automatically has an Azure AD tenant. You can find the tenant ID in the Azure Portal overview under "Directory ID (Tenant)".

  2. AZURECLIENTID also required
    The tenant ID alone is not sufficient. You also need the application ID (client ID) in the AZURECLIENTID parameter to complete authentication.

  3. Defines the authentication authority
    The tenant ID is used to construct the Microsoft authentication URL: https://login.microsoftonline.com/YOUR-TENANT-ID

  4. Tenant-specific permissions
    Only users from the configured Azure AD tenant can sign in via Azure. Guest users from other organizations require special configuration.

  5. Difference from AZURECLIENTID
    AZURECLIENTID identifies your portal application; AZURETENANTID identifies your organization. Both are required together for secure authentication.


Security

Does changing this parameter affect security?

Yes, the correct configuration of this parameter is important for the security of Azure authentication.

Benefits:

  • Ensures that only users from your organization can sign in

  • Uses Microsoft’s secure OAuth 2.0 authentication

  • Prevents unauthorized access from external Azure tenants

  • Enables centralized security policies via Azure AD

Note:

  • An incorrect tenant ID prevents all Azure users from signing in

  • The tenant ID itself is not confidential, but should only be known to authorized administrators

  • Changes to this parameter affect all users who use Azure sign-in

  • Additional considerations are required for multi-tenant applications

Recommendation: Use your own organization’s tenant ID and verify it carefully. Document which Azure tenant has been configured to avoid confusion. For organizations with multiple Azure tenants, ensure that the correct tenant has been selected.
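The format rule from "Technical Details" and the tenant restriction described in this section can be checked before the values are saved. The following is an added example, not eTASK code: it validates the AZURETENANTID / AZURECLIENTID pair, derives the authority URL, and compares a token's tenant against the configured one. Function names are hypothetical, the GUIDs are the example values from this page, and `tid` / `aud` are the tenant and audience claims of a Microsoft ID token whose signature and issuer are assumed to be verified already.

```python
import re

AUTHORITY_HOST = "https://login.microsoftonline.com"
# Multi-tenant authority aliases: valid in Azure URLs, but not a single-tenant GUID.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def normalize_guid(value, name):
    """Return the GUID lower-cased (it is not case-sensitive) or raise ValueError."""
    v = value.strip().lower()
    if v in MULTI_TENANT_ALIASES:
        raise ValueError(f"{name}: '{v}' is a multi-tenant authority alias, not a GUID")
    if not GUID_RE.match(v):
        raise ValueError(f"{name}: expected a GUID in 8-4-4-4-12 hex format")
    if set(v) <= {"0", "-"}:
        raise ValueError(f"{name}: all-zero GUID looks like a placeholder")
    return v


def check_azure_login_config(tenant_id, client_id):
    """Validate the AZURETENANTID / AZURECLIENTID pair and derive the authority URL."""
    tenant = normalize_guid(tenant_id, "AZURETENANTID")
    client = normalize_guid(client_id, "AZURECLIENTID")
    if tenant == client:
        raise ValueError("AZURETENANTID equals AZURECLIENTID: one ID was pasted twice")
    return {"tenant": tenant, "client": client,
            "authority": f"{AUTHORITY_HOST}/{tenant}"}


def token_is_from_tenant(claims, cfg):
    """Check claims of an ID token whose signature and issuer the OIDC library
    has already verified: 'tid' must be our tenant, 'aud' our application."""
    return (str(claims.get("tid", "")).lower() == cfg["tenant"]
            and str(claims.get("aud", "")).lower() == cfg["client"])


if __name__ == "__main__":
    # Example GUIDs from this page; the claims dicts are constructed samples.
    cfg = check_azure_login_config("C9F5E6D3-4A8B-7C2D-9E1F-5A3B8C6D9E2F",
                                   "a7f3e9d1-2b4c-6d8e-9f1a-3b5c7d9e1f2a")
    print(cfg["authority"])
    own = {"tid": cfg["tenant"], "aud": cfg["client"]}
    foreign = {"tid": "11111111-2222-3333-4444-555555555555", "aud": cfg["client"]}
    print(token_is_from_tenant(own, cfg), token_is_from_tenant(foreign, cfg))
```

A value that passes the format check can still belong to a different tenant, so the test sign-in recommended on this page remains necessary.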


Practical example

Initial situation: A medium-sized company with 300 employees uses Microsoft 365 with the domain "examplecompany.de". The IT department wants to set up Azure sign-in on the portal so that employees can log in with their usual Microsoft accounts.

Configuration:

  1. The IT administrator logs in to the Azure Portal (portal.azure.com)

  2. Navigates to "Azure Active Directory" → "Overview"

  3. Copies the "Directory ID (tenant)": c9f5e6d3-4a8b-7c2d-9e1f-5a3b8c6d9e2f (Example)

  4. Copies the "Application ID (Client)" of the portal app: a7f3e9d1-2b4c-6d8e-9f1a-3b5c7d9e1f2a (Example)

  5. Sets AZURETENANTID = c9f5e6d3-4a8b-7c2d-9e1f-5a3b8c6d9e2f (Example)

  6. Sets AZURECLIENTID = a7f3e9d1-2b4c-6d8e-9f1a-3b5c7d9e1f2a (Example)

  7. Sets AZURELOGINACTIVE = 1

After the change:

  • Employees see the "Sign in with Microsoft" button on the sign-in page

  • They click it and are redirected to login.microsoftonline.com/c9f5e6d3...

  • Microsoft authenticates them against the tenant "examplecompany.de"

  • After successful sign-in, they are redirected back to the portal

Result: The 300 employees can sign in with their usual Microsoft 365 accounts. The IT department manages user accounts centrally in Azure AD and benefits from features such as multi-factor authentication and conditional access.


For standard installations: (empty) (not configured)

Reason:

  • Azure integration requires a Microsoft 365 or Azure tenant

  • Not all organizations use Microsoft cloud services

  • The default state enables classic sign-in methods without Azure dependency

Exceptions (Microsoft 365 organizations):

  • Set the tenant ID from your Azure Portal if you use Microsoft 365 or Azure AD

  • Combine with AZURECLIENTID and AZURELOGINACTIVE for full integration

  • Especially important for organizations that use central identity management via Azure AD

Tip: Store the tenant ID in a secure location and document which organization it belongs to. This is particularly important for larger companies with multiple Azure tenants. Test the configuration with a test user first before rolling it out to all employees.

