Skip to content

Multi Cloud Support or Instance Aware

Bogdan Gavril edited this page Feb 25, 2022 · 8 revisions

What is instance aware?

  • Instance aware helps complete the scenario where any an account from any cloud can be signed-in using the default value for environment. If instance aware is not activated, the calling app has to provide the correct environment for the account.
  • It enables applications to pass in a default public cloud authority to the library and can still get tokens for resources (Graph) from national clouds.
  • The user and the resource should belong to single national cloud.
  • It is applicable only when using /organizations or /common in the authority url as compared to a tenantId guid.

What does it mean to enable multi-cloud support in MSAL?

With multi-cloud support enabled, user will have the option to create a PublicClientApplication with global authority and if a user enters a username from a national cloud, MSAL will return the token to access resource on the national cloud.

Currently, multi-cloud support is available for Interactive flows for web.

Sample to enable multi-cloud support:

    IPublicClientApplication pca = PublicClientApplicationBuilder
        .Create(AppId)
        .WithAuthority("https://login.microsoftonline.com/common")
        .WithMultiCloudSupport(true)
        .Build();

    // Acquire a token interactively
    AuthenticationResult result = await pca
        .AcquireTokenInteractive(s_scopes)
        .ExecuteAsync()
        .ConfigureAwait(false);

    // Get Accounts
    var accounts = await pca.GetAccountsAsync().ConfigureAwait(false);

    // Acquire a token silently
    result = await pca
        .AcquireTokenSilent(s_scopes, accounts.FirstOrDefault()) \\ Use the account to make the silent call
        .ExecuteAsync(CancellationToken.None)
        .ConfigureAwait(false);

Note: The environment used to acquire a token can be found using account.Environment to create a mapping to respective resource endpoint on the national cloud.

Getting started with MSAL.NET

Acquiring tokens

Desktop/Mobile apps

Web Apps / Web APIs / daemon apps

Advanced topics

News

FAQ

Other resources

Clone this wiki locally