Epicor IdP Azure AD Integration Not Working Due to Multitenant Application Requirement in Azure AD

Hey Guys, I’m putting this here as support has not been helpful on this issue. I am trying to integrate our Azure AD instance into Epicor IdP as a login method. However, Epicor requires you to configure your application as a multitenant application in Azure AD. The issue is that Microsoft does not allow you to set multitenant applications if you do not own the login URI (and I obviously do not own Epicor’s domain).

Has anyone been able to successfully configure Azure AD (Entra ID as it’s known now) into Epicor IdP?

We have this setup internally and have numerous customers that have this set up with no issue.

You do need to mark the App Registration as Multi-Tenant, and we have had no issues in doing so.

You mention a login URI, however you do not need to set a login URI, just a redirect URI.


Hey Ben,

I am having issues marking it as multi-tenant. This is the problem I get when trying to mark it as multitenant:
[screenshot of the Entra error]

The login URI that I mentioned was a mistype I meant to say that the Application ID URI found under “Expose an API” is not on a “tenant verified domain.”

I am still having issues with this multitenant requirement.

Hi David,

I am not sure what steps you did to have the App registration in Entra have an Application URI. The application I have set up in our tenancy does not have an Application ID URI.

Did you follow the guide on the Epicor Help Pages, accessed through the ? at the top right of the IdP page?

Might be best to delete the Entra application you have registered and start again.

Hey Ben,

Removing the application URI solved the problem, thank you so much! I wish Epicor provided better instructions for how to configure the settings in Entra ID.

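A check of the rule this thread ran into, added here as an example and not code from Epicor or from anyone in the thread: given a cut-down app registration manifest (constructed sample with a placeholder client ID) and the tenant's verified domains (assumed), it reports what blocks the multi-tenant switch and applies the fix Ben suggested, dropping the Application ID URI while keeping the redirect URI. That the `api://<appId>` identifier form is exempt from the verified-domain rule comes from general Entra behaviour, not from the thread.

```python
from urllib.parse import urlparse

# Constructed sample inputs (not from the thread): a cut-down Entra app registration
# manifest with only the fields that matter here, plus assumed tenant-verified domains.
VERIFIED_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}
BEFORE = {
    "appId": "11111111-2222-3333-4444-555555555555",  # placeholder client ID
    "signInAudience": "AzureADMyOrg",                  # single tenant
    "identifierUris": ["https://idp.vendor-example.com/contoso"],  # vendor's domain, not ours
    "web": {"redirectUris": ["https://idp.vendor-example.com/signin-oidc"]},
}
MULTI_TENANT = "AzureADMultipleOrgs"


def _on_verified_domain(host: str, verified: set[str]) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in verified)


def uri_allowed_for_multitenant(uri: str, app_id: str, verified: set[str]) -> bool:
    """An identifier URI survives the multi-tenant switch only if it is the
    api://<appId> form or its host is on a domain this tenant has verified."""
    parsed = urlparse(uri)
    if parsed.scheme == "api" and parsed.netloc.lower() == app_id.lower():
        return True
    return _on_verified_domain(parsed.netloc, verified)


def multitenant_blockers(manifest: dict, verified: set[str]) -> list[str]:
    """List what Entra would reject when signInAudience is changed to multi-tenant."""
    problems = []
    for uri in manifest.get("identifierUris", []):
        if not uri_allowed_for_multitenant(uri, manifest["appId"], verified):
            problems.append(f"identifierUri {uri!r} is not on a tenant-verified domain")
    if not manifest.get("web", {}).get("redirectUris"):
        problems.append("no redirect URI set; the IdP callback needs one")
    return problems


def make_multitenant(manifest: dict, verified: set[str]) -> dict:
    """Apply the thread's fix: drop offending Application ID URI(s), keep the
    redirect URI, then switch the audience. Returns a new manifest."""
    fixed = {**manifest, "web": dict(manifest.get("web", {}))}
    fixed["identifierUris"] = [
        u for u in manifest.get("identifierUris", [])
        if uri_allowed_for_multitenant(u, manifest["appId"], verified)
    ]
    fixed["signInAudience"] = MULTI_TENANT
    return fixed


if __name__ == "__main__":
    print(multitenant_blockers(BEFORE, VERIFIED_DOMAINS))
    print(multitenant_blockers(make_multitenant(BEFORE, VERIFIED_DOMAINS), VERIFIED_DOMAINS))
```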