I thought this toggle in Azure would enable external users to log in.

But when I log in from an external account, I get:

AADSTS50020: User account '[email protected]' from identity provider 'https://sts.windows.net/123123/' does not exist in tenant 'YY' and cannot access the application 'sdfsdfs'(asdasd) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Do I have to manually add single accounts to let them log in with Azure? Can't I open up for specific domains or all?

1 Answer

If you want users from other organizations to log in to your application, there are four simple steps.

1. Update your application registration to be multi-tenant

2. Update your code to send requests to the /common endpoint

3. Update your code to handle multiple issuer values

4. Understand user and admin consent and make appropriate code changes

For more details, you can refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-registration-to-be-multi-tenant
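
Step 3 in practice, as an added example that is not part of the original answer: once sign-in goes through /common, each token's `iss` names the user's own tenant, so the check becomes "`iss` matches the token's `tid`", optionally narrowed to an allow-list of tenants. It assumes signature, audience and expiry were already verified by a JWT library; `validate_issuer`, `IssuerError` and the tenant GUIDs are hypothetical names and constructed values.

```python
import re

# Issuer formats Azure AD uses; {tenantid} is the GUID of the tenant that signed in.
ISSUER_TEMPLATES = (
    "https://login.microsoftonline.com/{tenantid}/v2.0",  # v2.0 tokens
    "https://sts.windows.net/{tenantid}/",                # v1.0 tokens
)
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}")


class IssuerError(ValueError):
    """Raised when a token's issuer is not acceptable to this application."""


def validate_issuer(claims, allowed_tenants=None):
    """Check iss/tid of already signature-verified claims; return the tenant id.

    allowed_tenants=None accepts any Azure AD tenant ("all"); pass an iterable
    of tenant GUIDs to open the application to specific organizations only.
    """
    tid, iss = claims.get("tid"), claims.get("iss")
    if not isinstance(tid, str) or not GUID_RE.fullmatch(tid.lower()):
        raise IssuerError("missing or malformed tid claim")
    if not isinstance(iss, str):
        raise IssuerError("missing iss claim")
    tid = tid.lower()
    # The issuer must be the template filled in with this token's own tid;
    # a token whose iss names a different tenant than its tid is rejected.
    if iss not in {t.format(tenantid=tid) for t in ISSUER_TEMPLATES}:
        raise IssuerError("iss does not match tid")
    if allowed_tenants is not None and tid not in {t.lower() for t in allowed_tenants}:
        raise IssuerError("tenant %s is not on the allow-list" % tid)
    return tid


# Constructed sample claims (tenant GUIDs are placeholders, not real tenants).
HOME = "11111111-1111-1111-1111-111111111111"
PARTNER = "22222222-2222-2222-2222-222222222222"
OTHER = "33333333-3333-3333-3333-333333333333"

if __name__ == "__main__":
    token = {"tid": PARTNER, "iss": "https://login.microsoftonline.com/%s/v2.0" % PARTNER}
    print(validate_issuer(token, allowed_tenants=[HOME, PARTNER]))
```

The allow-list is keyed on tenant ID rather than e-mail domain, because the tenant ID is the value Azure AD places in the signed token.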