
I am trying to create a multi-tenant application in Azure AD, which can log in all users, like Microsoft live/hotmail, and also get the access permissions to access their management resource APIs. I can get work accounts from other domain logins, but not live accounts. I get this error:

User account 'mitesh_***@live.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application '382dfccb-33af-4567-90cd********' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

I have heard of the MSAL v2 endpoint to log in both types of accounts, but I heard that this endpoint doesn't support permissions to access Resource Management libraries yet.

Is there any way to achieve this with ADAL or any other way?

Thanks,

Mitesh

1 Answer


The Azure AD v2.0 endpoint supports both personal Microsoft accounts and work accounts from Azure Active Directory. But the v2.0 endpoint issues access tokens only for:

- The app that requested the token. An app can acquire an access token for itself, if the logical app is composed of several different components or tiers.

- The Outlook Mail, Calendar, and Contacts REST APIs, all of which are located at https://outlook.office.com.

- Microsoft Graph APIs. You can learn more about Microsoft Graph and the data that is available to you.

The v2.0 endpoint doesn't support management APIs. And the Azure AD v1.0 endpoint only supports work accounts, unless Microsoft accounts are added as external users in the tenant first. In my opinion, currently there is no other way or workaround to achieve your requirement.
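Worked illustration of the two endpoints described above, added here as an example and not part of the original answer: it builds the v1.0 request (single `resource`, here Azure Resource Manager) and the v2.0 request (`scope` list), refuses a v2.0 request for a management-API scope up front, and reads the `idp` claim of an id_token to spot a personal account before it hits the AADSTS error in the question. The client id, redirect URI and sample id_token are constructed, and treating `idp == "live.com"` as the marker of a personal account is an assumption.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com/common"
ARM_RESOURCE = "https://management.azure.com/"          # Azure Resource Manager audience
GRAPH_SCOPE = "https://graph.microsoft.com/User.Read"   # a Microsoft Graph scope (supported by v2.0)


def v1_authorize_url(client_id, redirect_uri, resource=ARM_RESOURCE):
    """v1.0 endpoint: one 'resource' names the API the access token will be issued for."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "resource": resource}
    return f"{AUTHORITY}/oauth2/authorize?{urlencode(params)}"


def v2_can_issue(scopes):
    """Per the answer above, v2.0 does not issue tokens for management APIs such as ARM."""
    return not any(s.startswith(ARM_RESOURCE) for s in scopes)


def v2_authorize_url(client_id, redirect_uri, scopes):
    """v2.0 endpoint: space-separated 'scope' values; fail early for unsupported audiences."""
    if not v2_can_issue(scopes):
        raise ValueError("v2.0 endpoint does not issue access tokens for management APIs")
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "scope": " ".join(scopes)}
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}"


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature: for diagnostics only,
    never as the basis of an authorization decision."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)        # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_personal_account(claims):
    """Assumption: a personal (live.com/hotmail) account carries idp == 'live.com'."""
    return claims.get("idp") == "live.com"


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample id_token (header.payload.signature); the signature is a placeholder.
SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": f"{AUTHORITY}/v2.0", "idp": "live.com", "preferred_username": "user@example.com"}),
    "placeholder-signature",
])
```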