Granting Secondary Tenant Access to FME Flow in Azure AD

If the Azure Active Directory enterprise application for FME Flow (Configuring Azure Active Directory with FME Flow) is registered for multiple tenants, you can configure additional, or secondary, tenants to use it. Once configured, FME Flow uses the enterprise application credentials to access the users and groups of these tenants.

This configuration is performed in Azure Active Directory, and requires the following procedures:

  1. Grant secondary tenant access to FME Flow, performed by an administrator in the primary tenant.
  2. Grant FME Flow access to secondary tenant users and groups, performed by an administrator in the secondary tenant.

Grant Secondary Tenant Access to FME Flow

  1. Identify an administrator on the primary tenant. This user grants secondary tenant access to FME Flow.
  2. In the secondary tenant, navigate to Users > + Add guest user and invite that administrator. Enter the User Principle Name from the previous step as their email.
  3. Navigate to https://login.microsoftonline.com/<tenantId>/adminconsent?client_id=<clientId>, where <tenantId> is the secondary tenant ID and <clientId> is the FME Flow Application (client) ID.
  4. Sign in as the administrator. A dialog opens that allows you to grant secondary tenant access to FME Flow.
  5. Mouse-over for example:

Grant FME Flow Access to Secondary Tenant Users and Groups

  1. Navigate to the URL from step 3 in the previous procedure (above).
  2. A “Need admin approval” dialog opens.
  3. Mouse-over for example:

  4. Sign in as an administrator of the secondary tenant.
  5. A dialog opens that allows you to grant FME Flow access to secondary tenant users and groups.
  6. Mouse-over for example: