Share via

Point Github to the correct tenant

Mark Jones 0 Reputation points
2026-03-18T00:08:30.4633333+00:00

**GitHub Actions is authenticating into the wrong tenant, even though you’ve already created the correct identity in your main tenant. The fix now is to repoint GitHub to the correct App Service by updating the three OIDC values AND ensuring the federated credential exists in the same tenant as the App Service.**gsc-identity-api-v3 I created a new app service due to the v2 flaking out.

Azure App Service
Azure App Service

Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Aditya N 2,455 Reputation points Microsoft External Staff Moderator
    2026-03-18T03:42:54.9466667+00:00

    Hello @Mark Jones

    Thank you for reaching out Microsoft Q&A.

    We're glad that you found the fix for your query and thank you for sharing the same in this forum. Please feel free to reach out to us in case of any further queries.

    Re-iterating the solution, whenever such issue occur please ensure the following are all aligned to the same tenant:

    The App Registration / service principal

    The federated identity credential (issuer: https://token.actions.githubusercontent.com, audience: api://AzureADTokenExchange, subject matching your repo/branch)

    GitHub secrets: AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_SUBSCRIPTION_ID

    The App Service itself

    OIDC trust in Azure is tenant‑scoped, so any mismatch causes GitHub to sign in to the wrong directory.

    Reference:

    https://learn.microsoft.com/azure/developer/github/connect-from-azure-openid-connect

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.