should help you out Try the following (I'm sure you've done most of this, but perhaps you missed a step): Log in to the Azure portal (https://manage.windowsazure.com) and navigate to ACTIVE DIRECTORY. Choose the directory that you aren't able to access via PowerShell and click ADD USER. Under 'TYPE OF USER', choose 'New user in your organization' and choose a username, under the initial domain (e.g. firstname.lastname@example.org). Fill out the next page, and make sure you assign the role of 'Global Administrator'. Make sure you copy the password in the last step. Once the user is created, you need to reset the password. An easy way is to start a new browser session and navigate to https://portal.microsoftonline.com. You'll be prompted to reset the password. Now go to PowerShell and try Connect-MsolService using the new user account you just created. You should now be able to remove all objects.
Adding Users from one Azure Active Directory to access an application in another Azure Active Directory
like below fixes the issue I just figured it out. The trick is to make the Web Application in question a multi-tenant application. There is a provision to do that in the Configure tab of Active Directory Extension->Applications in the Windows Azure Portal. A detailed process for creating a multi-tenant web application is given here. Unfortunately, that one is a bit deprecated and a direct code sample is available here.This is a sample multi-tenant web application which uses OpenId Connect to sign up and sign in users from any Azure Active Directory tenant. I tried it out, followed the instructions and it works like a charm. The code essentially uses OAuth2 to serve up a request to provision a web application within different tenants given the clientid of the web application and the consent by the user of the target tenant. So to summarize - my web application resides in AAD2. And the code in the sample helps me to programmatically provision the web application as an application in the tenant in AAD1. So users with AAD1 can directly access the web application by giving a consent to do the same. Not only this, but the code also helps me to enable access to users of any other windows azure active directory which is not a part of my subscription to login to the web application. Brilliant!
wish help you to fix your issue A feature like this is not currently supported in Azure Active Directory. Multiple certificates added to a single application are all interchangeable, and using a specific one does not affect any part of the authentication experience, including claims in the token. Remember that an Application Object represents a single application identity. If you are trying to represent multiple applications, you should adopt a different design pattern:
Python AAD (Azure Active Directory) Authentication with certificate
hope this fix your issue If you cannot get the private key, you won't use this cert to get authenticated with AAD. But You can upload a new cert by yourself and use it. The should be the Name of the key file which you generated.
I wish this help you You need to go to Certificate Trust Settings -> Enable Full trust for Root Certificates . Turn the slider on to enable full trust for the Charles Proxy Custom Root Certificate, this should fix it.