This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 61%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
We have two Entra External ID tenants (companydev and companyprod).
For both of them we set up a custom domain (id-dev.company.com and id.company.com).
In both tenants, I created a user flow and added an app registration to it.
When I grab the OpenID Connect metadata document from the app registration, it initially looks like this: https://<tenantname>.ciamlogin.com/<tenant-id>/v2.0/.well-known/openid-configuration
It works fine for both tenants.
Switching to the custom domain, the URLs become https://id-dev.company.com/<tenant-id>/v2.0/.well-known/openid-configuration for DEV and https://id.company.com/<tenant-id>/v2.0/.well-known/openid-configuration for PROD.
PROD returns the OpenID Connect metadata document just fine.
DEV returns this error:
{
"error": "server_error",
"error_description": "AADSTS500210: Domain name does not match with the tenant identifier Trace ID: *** Correlation ID: *** Timestamp: 2024-08-13 07:04:44Z",
"error_codes": [500210],
"timestamp": "2024-08-13 07:04:44Z",
"trace_id": "***",
"correlation_id": "***"
}
I cannot find any information regarding this error anywhere. It seems like nobody else has ever faced this issue. I also can't find any information about it in Microsoft's documentations.
I'm able to run the user flow with the custom domain. So, it seems like the error only happens for the metadata document.
Please advise.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @Manuel T
Thank you for reaching us!
Could you please use the below link and enter your domain name and see if you able to fetch the tenant ID.
https://www.whatismytenantid.com/
If it is not fetching the tenant ID please check in your tenant the domain is verified or not.
Hi Akhilesh.
It's showing the correct tenant ID. The domain is verified and I can also use it to run the user flow. But for some reason, the OpenID Connect metadata document is not working.
The tool is able to fetch our tenant id.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi.
Thanks for the link. It successfully returned the tenant id. So, the domain verification doesn't seem to be the issue.