2
votes

I have a webapp that is using SSO to login users. I am trying to integrate the SSO with Microsoft Azure AD (since the webapp is hosted on Azure AD). I have enabled multi-tenancy, so users from other domains are able to login without any issue. But the users from outlook.com are unable to login to the application. If a user from outlook.com tries to login, they get the following error.

Sign In Sorry, but we’re having trouble signing you in. We received a bad request.

Additional technical information: Correlation ID: 59cfb21d-d91a-4fa9-b71a-b058d873fde1 Timestamp: 2017-02-01 03:06:26Z AADSTS50020: User account '[email protected]' from identity provider 'live.com' does not exist in tenant 'Microsoft Accounts' and cannot access the application 'xxxxx-xxx-xxx-xxx-xxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Any ideas how to resolve this issue?


1 Answer

1
votes

Currently it seems that we cannot merge the Org Accounts (like the accounts in Office 365 / AAD) with Microsoft Accounts (Live ID, Hotmail...).

To achieve your requirement, you can try to configure the easy auth feature of Azure App Service. Configure both AAD and Microsoft account for Authentication / Authorization, as mentioned at Authentication and authorization in Azure App Service.

Then you can build a custom login page for multiple providers. You can get a hint from the post "Easy Auth" / App Service authentication using multiple providers.