I have two azure tenants (Tenant A and Tenant B).
I have one registered app (App001) in tenant B with "Supported account types" set to "My organization only".
Here are steps to replicate the issue:
- Log into Tenant A's portal (portal.azure.com) with account A001
- Open a new tab and try to log into the app (App001). It doesn't prompt me to enter account B001 at all. It logs in with account A001 and gets this error: AADSTS90072: User account '{EmailHidden}' from identity provider '{A001's email domain}' does not exist in tenant '{Tenant A}' and cannot access the application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'({App001's name}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account
Getting this error is expected because the app's setting does not allow users from a different tenant/directory to authenticate.
The question/problem is: why did it not prompt me to enter an account for Tenant B? Is there any place in the settings I should take a look at?
https://login.microsoftonline.com/tenant-id ? – juunas
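The behaviour in the question is the normal single sign-on path: the browser already holds a session cookie for account A001 at login.microsoftonline.com, so Azure AD reuses it silently unless the authorization request asks otherwise. The following is an added example, not code from the question or from Microsoft's libraries; it builds an OpenID Connect authorize request against a tenant-specific authority (the `https://login.microsoftonline.com/{tenant-id}` form mentioned in the comment) and adds the standard `prompt=select_account` parameter, which forces the account picker even when a session exists. It also shows the check an app should still perform on the returned ID token: the `tid` claim must match the tenant the app expects, which is exactly the mismatch that AADSTS90072 reports server-side. Tenant and client IDs, the redirect URI and the sample claims are constructed placeholders; `load_authorize_request` is a hypothetical helper name.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY_BASE = "https://login.microsoftonline.com"


def build_authorize_url(tenant_id, client_id, redirect_uri, scopes,
                        prompt="select_account", login_hint=None,
                        domain_hint=None, state=None, nonce=None):
    """Build a v2.0 authorize URL pinned to one tenant.

    Using the tenant-specific authority (not /common or /organizations)
    tells Azure AD which directory must issue the token. prompt=select_account
    suppresses silent SSO and shows the account picker; login_hint and
    domain_hint (optional) pre-select the expected account or home tenant.
    """
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        # state protects against CSRF on the redirect; nonce binds the ID token
        # to this request. Both are random per request.
        "state": state or secrets.token_urlsafe(16),
        "nonce": nonce or secrets.token_urlsafe(16),
    }
    if prompt:
        params["prompt"] = prompt
    if login_hint:
        params["login_hint"] = login_hint
    if domain_hint:
        params["domain_hint"] = domain_hint
    return f"{AUTHORITY_BASE}/{tenant_id}/oauth2/v2.0/authorize?{urlencode(params)}"


def load_authorize_request(url):
    """Hypothetical helper: split an authorize URL into (tenant, query dict)."""
    parsed = urlparse(url)
    tenant = parsed.path.split("/")[1]
    query = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    return tenant, query


def token_is_from_expected_tenant(claims, expected_tenant_id):
    """Defensive check on a decoded ID token: reject tokens whose tid claim
    names a different directory than the one the app was registered in.
    Signature validation is assumed to have happened before this step."""
    return claims.get("tid") == expected_tenant_id


# Constructed sample values (not real tenants or apps).
TENANT_B = "11111111-2222-3333-4444-555555555555"
TENANT_A = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
CLIENT_ID = "99999999-8888-7777-6666-555555555555"
REDIRECT_URI = "https://app001.example.test/signin-oidc"

if __name__ == "__main__":
    url = build_authorize_url(TENANT_B, CLIENT_ID, REDIRECT_URI,
                              ["openid", "profile"],
                              domain_hint="tenantb.example.test")
    print(url)
    # A token the A001 session would have produced (constructed claims).
    wrong_tenant_claims = {"tid": TENANT_A, "preferred_username": "a001@tenanta.example.test"}
    print("accept:", token_is_from_expected_tenant(wrong_tenant_claims, TENANT_B))
```

With `prompt=select_account` the user sees the picker and can choose B001; with `prompt=login` they are forced to re-enter credentials. Leaving `prompt` out reproduces the silent reuse of the A001 session described in the question.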