Granting Secondary Tenant Access to FME Server in Azure AD

If the Azure Active Directory enterprise application for FME Server (Configuring Azure Active Directory with FME Server) is registered for multiple tenants, you can configure additional, or secondary, tenants to use it. Once configured, FME Server uses the enterprise application credentials to access the users and groups of these tenants.

This configuration is performed in Azure Active Directory, and requires the following procedures:

1. Grant secondary tenant access to FME Server, performed by an administrator in the primary tenant.
2. Grant FME Server access to secondary tenant users and groups, performed by an administrator in the secondary tenant.

Grant Secondary Tenant Access to FME Server

1. Identify an administrator on the primary tenant. This user grants secondary tenant access to FME Server.
2. In the secondary tenant, navigate to Users > + Add guest user and invite that administrator. Enter the User Principle Name from the previous step as their email.
3. Navigate to https://login.microsoftonline.com/<tenantId>/adminconsent?client_id=<clientId>, where <tenantId> is the secondary tenant ID and <clientId> is the FME Server Application (client) ID.
4. Sign in as the administrator. A dialog opens that allows you to grant secondary tenant access to FME Server.

Mouse-over for example:

Grant FME Server Access to Secondary Tenant Users and Groups

1. Navigate to the URL from step 3 in the previous procedure (above).
2. A “Need admin approval” dialog opens.

Mouse-over for example:



3. Sign in as an administrator of the secondary tenant.
4. A dialog opens that allows you to grant FME Server access to secondary tenant users and groups.

Mouse-over for example: