EXPECTED RESULT

It's possible to setup your Moodle integration with different AzureAD's on a multi-tenant setup. Users from these different tenants can create, share and discover content using the Microsoft block links to OneDrive and Sharepoint, at site or course level; and using Moodle filepicker through the Office365 repository.

ACTUAL RESULT

Setting up a multi-tentant integration allows users from the main (or first) tenant to use Microsoft block links to OneDrive and Sharepoint, as well the Office365 repository. Users from different tentats are not redirected to their own services or given permissions to use the primary tenant/application.

STEPS TO REPRODUCE

1. Setup a first tenant application
   1. Follow the instructions at https://docs.moodle.org/31/en/Office365
   2. Check the option "multi-tenant" when configuring the application
   3. Choose the "Switch the user to use OpenID Connect authentication" method
   4. Confirm your integration is working both
      1. to authenticate the users
      2. to authorize them to use the OneDrive and Sharepoint using the Microsoft block and Office365 repository
2. Setup a second tenant application
   1. As a global administrator of the second tenant, use the OIDC auth link
      1. /!\ IMPORTANT> In the Azure AD Sign-In page, add “&prompt=admin_consent” to the URL and press ENTER
      2. Give the required permissions in the second tenant for the application
   2. Confirm your integration is working both
      1. to authenticate the users
      2. to authorize them to use the OneDrive and Sharepoint using the Microsoft block and Office365 repository
   3. Error: Users from the second tenant are redirected to the first tenant sharepoint and onedrive links, what cause them to lack the permissions.

DEBUG:

• When using the links in the MS block:
  • That didn't work
    We're sorry, but [SECOND TENANT USER] can't be found in the [FIRST TENANT SHAREPOINT] directory. Please try again later, while we try to automatically fix this for you.
    Here are a few ideas:

Click here to sign in with a different account to this site.
This will sign you out of all other Office 365 services that you're signed into at this time.

If you're using this account on another site and don't want to sign out, start your browser in Private Browsing mode for this site (show me how).
If that doesn't help, contact your support team and include these technical details:
Correlation ID: [HASH]
Date and Time: [DATE HOUR] 
URL: [FIRST TENANT SHAREPOINT]
User: [SECOND TENANT USER]
Issue Type: User not in directory.

• When using the Office365 repository:

  •  Error
    Erro na chamada da API: Invalid structure received. No "value"
    URL: [MOODLE_SITE_URL]
    Debug info: Error code: erroro365apibadcall_message
    Stack trace:* line 290 of /local/o365/classes/rest/o365api.php: moodle_exception thrown * line 141 of /local/o365/classes/rest/onedrive.php: call to local_o365\rest\o365api->process_apicall_response() * line 918 of /repository/office365/lib.php: call to local_o365\rest\onedrive->get_contents() * line 262 of /repository/office365/lib.php: call to repository_office365->get_listing_my() * line 102 of /repository/repository_ajax.php: call to repository_office365->get_listing()