Developer forum

Forum » Dynamicweb 10 » Multiple External Authentication Providers with Microsoft Entra ID

Multiple External Authentication Providers with Microsoft Entra ID

E-mail notifications
Ferri Halfhide
Reply
Posted on 15/04/2026 08:19:56

Hey team,

I have a question regarding external authentication in Dynamicweb.

I understand that it is possible to configure multiple external authentication providers. Currently, we are using Microsoft Entra ID as our external authentication provider, and this setup is working correctly for our internal users.

However, one of our customers would also like to use external authentication, and they are using Microsoft Entra ID as well (but from their own tenant).

I noticed that it is possible to add multiple external authentication providers in Dynamicweb. My question is:

  • Would it work correctly if we configure two separate providers using the same type (Microsoft Entra ID), each with their own client ID, secret, and tenant configuration?

Or is there a recommended/better approach to handle this scenario?
Any guidance or best practices would be greatly appreciated.


Replies

 
Ferri Halfhide
Posted on 15/04/2026 08:28:13
Reply

To follow up on this,

I’ve been trying to experiment with adding a second external authentication provider (MSEntra as well), but when I attempt to create another Microsoft Entra ID provider, I receive the following error:

“There is already an active provider with the same scheme: Msentra”

From what I understand, this means Dynamicweb does not allow multiple providers using the same scheme.

However, this is necessary to make it work. 

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 15/04/2026 22:50:28
Reply
This post has been marked as an answer

Yes, this is fully supported — you just need to give each provider a unique scheme.

Why the error occurs

Every external authentication provider registered in Dynamicweb must have a unique Authentication scheme. This scheme is used internally to distinguish providers and also forms the OAuth callback URL. The default scheme for the Microsoft Entra provider is msentra, so when you add a second one without changing it, Dynamicweb rejects it with:

"There is already an active provider with the same scheme: msentra"

How to fix it

When configuring your second Microsoft Entra provider, change the Authentication scheme field to something unique, for example:

Provider

Scheme

Used for

First

msentra

Internal users

Second

msentra-customer

Customer tenant

Each provider then gets its own completely independent configuration — its own Client ID, Client Secret, and Tenant ID.

Update the redirect URI in Entra admin center

The scheme directly determines the OAuth redirect URI. For each provider, you must register the corresponding redirect URI in the respective Entra admin center → App registrations → Authentication:

  • Internal: https://yoursite.com/signin-msentra
  • Customer: https://yoursite.com/signin-msentra-customer

Make sure the scheme you choose in Dynamicweb matches exactly (case-insensitive) what you register in Azure.

Summary

Two providers, same type, fully independent — just ensure the Authentication scheme is unique for each one, and register the matching redirect URI in each Entra app registration.

 

Votes for this answer: 1

 

You must be logged in to post in the forum