Quickstart: Modify the accounts supported by an application

When you registered your application with the Microsoft identity platform, you specified who, or which account types, can access it. For example, you might have specified accounts only in your organization, which makes it a single-tenant app. Or you might have specified accounts in any organization (including yours), which makes it a multi-tenant app.

In this quickstart, you learn how to modify your application's configuration to change who, or what types of accounts, can access the application.

Prerequisites

Change the application registration to support different accounts

To specify a different setting for the account types supported by an existing app registration:

  1. Sign in to the Azure portal.

  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register the application.

  3. Search for and select Azure Active Directory.

  4. Under Manage, select App registrations, then select your application.

  5. Now, specify who can use the application, sometimes referred to as the sign-in audience.

    | Supported account types | Description |
    | --- | --- |
    | Accounts in this organizational directory only | Select this option if you're building an application for use only by users (or guests) in your tenant. Often called a line-of-business (LOB) application, this is a single-tenant application in the Microsoft identity platform. |
    | Accounts in any organizational directory | Select this option if you'd like users in any Azure AD tenant to be able to use your application. This option is appropriate if, for example, you're building a software-as-a-service (SaaS) application that you intend to provide to multiple organizations. This is known as a multi-tenant application in the Microsoft identity platform. |

  6. Select Save.

Why changing to multi-tenant can fail

Switching an app registration from single-tenant to multi-tenant can sometimes fail due to Application ID URI (App ID URI) name collisions. An example App ID URI is https://contoso.partner.onmschina.cn/myapp.

The App ID URI is one of the ways an application is identified in protocol messages. For a single-tenant application, the App ID URI need only be unique within that tenant. For a multi-tenant application, it must be globally unique so Azure AD can find the app across all tenants. Global uniqueness is enforced by requiring that the App ID URI's host name matches one of the Azure AD tenant's verified publisher domains.

For example, if the name of your tenant is contoso.partner.onmschina.cn, then https://contoso.partner.onmschina.cn/myapp is a valid App ID URI. If your tenant has a verified domain of contoso.com, then a valid App ID URI would also be https://contoso.com/myapp. If the App ID URI doesn't follow the second pattern, https://contoso.com/myapp, converting the app registration to multi-tenant fails.

For more information about configuring a verified publisher domain, see Configure a verified domain.
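As an added example (not part of the original quickstart and not Microsoft's own code), the following Python pre-flight check applies the host-name rule described above to a constructed list of app registrations before anyone widens their sign-in audience. The `signInAudience` and `identifierUris` field names follow Microsoft Graph application objects; the sample apps, the `payroll.internal` host and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data, shaped like Microsoft Graph application objects
# (displayName, signInAudience, identifierUris). Not real registrations.
VERIFIED_DOMAINS = {"contoso.partner.onmschina.cn", "contoso.com"}
APPS = [
    {"displayName": "payroll", "signInAudience": "AzureADMyOrg",
     "identifierUris": ["https://contoso.com/myapp"]},
    {"displayName": "legacy-lob", "signInAudience": "AzureADMyOrg",
     "identifierUris": ["https://payroll.internal/myapp",
                        "https://CONTOSO.com/lob"]},
    {"displayName": "saas-portal", "signInAudience": "AzureADMultipleOrgs",
     "identifierUris": ["https://contoso.partner.onmschina.cn/portal"]},
]


def blocking_uris(identifier_uris, verified_domains):
    """Return the App ID URIs whose host is not a verified domain of the tenant.

    Only the rule stated in the text is applied: the URI's host name must
    equal one of the verified domains (compared case-insensitively).
    """
    allowed = {d.lower().rstrip(".") for d in verified_domains}
    blocked = []
    for uri in identifier_uris:
        host = urlsplit(uri).hostname  # lower-cased; None when there is no host
        if host is None or host.rstrip(".") not in allowed:
            blocked.append(uri)
    return blocked


def preflight(apps, verified_domains):
    """Map each single-tenant app to the URIs that would block conversion."""
    report = {}
    for app in apps:
        if app["signInAudience"] != "AzureADMyOrg":
            continue  # already accepts accounts from other directories
        report[app["displayName"]] = blocking_uris(
            app["identifierUris"], verified_domains)
    return report


if __name__ == "__main__":
    for name, blocked in preflight(APPS, VERIFIED_DOMAINS).items():
        status = "ok to convert" if not blocked else f"fix first: {blocked}"
        print(f"{name}: {status}")
```

An empty list for an app means its App ID URIs already satisfy the host-name rule; any listed URI has to be changed to a verified domain before the switch to multi-tenant is attempted.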

Next steps