GSA private access, cross tenant use?

John Kenny 21 Reputation points
2025-02-28T07:44:14.05+00:00

I have been using GSA private access successfully, then I read somewhere that a tenant's private access should work for guests etc. Initially I tried adding a guest user as a member of the app etc., but the forwarding rules wouldn't update for the guest. Next I tried cross-tenant access, i.e. added the external tenant ID, then altered the inbound access settings and trust etc., but again the guest's GSA client's forwarding profiles wouldn't update. Finally I decided to try cross-tenant sync to sync my guest user to the host tenant as a member, not a guest. I also assigned licences to rule that out, but still the forwarding profiles at the client end wouldn't pull the rules from the host tenant. The last setting I disabled to try out was the tenant restrictions, but again no joy.

Anyone have any ideas as to what I could be doing wrong? As far as I can tell from the docs this should work, but I've been unable to.

Any assistance is appreciated thanks

Microsoft Security | Microsoft Entra | Microsoft Entra Private Access

1 answer

  1. Raja Pothuraju 23,805 Reputation points Microsoft External Staff Moderator
    2025-02-28T12:20:50.1933333+00:00

    Hello @John Kenny,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, I understand that you are using Global Secure Access (GSA) with a Microsoft Entra Private Access profile. When you attempted to add guest user accounts to traffic forwarding profiles, the GSA client's forwarding rules were not updating for the guest users.

    I would say B2B logins are only supported when the user is accessing the service from a device that is Microsoft Entra joined from the resource tenant. Please check if the device that the guest user is using is joined to the resource tenant.

    Does Global Secure Access allow B2B logins?

    The GSA requires a managed device that is joined to the resource tenant. The device must be either Microsoft Entra joined, or Microsoft Entra hybrid joined.

    The Global Secure Access Client for Windows - Global Secure Access | Microsoft Learn

    Please note that you will not be able to access the Entra joined device using a guest account.

    Microsoft Entra device management FAQ - Microsoft Entra ID | Microsoft Learn

    This could be one of the reasons why the guest user is unable to receive forwarding rules from the host tenant.

    To better understand your scenario, I would suggest a remote session or an offline discussion, so I can provide a more detailed solution. Please send me your details in a private message to connect with you.

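One way to check the device requirement described in the answer above, as an added example that is not part of the original thread: the script parses the output of the built-in `dsregcmd /status` command on the guest user's Windows device and compares the joined tenant with the resource tenant. The function name and the `-ResourceTenantId` parameter are assumptions made for this example; supply your own host tenant ID.

```powershell
# Added example, not from the thread. Run on the guest user's Windows device.
# -ResourceTenantId is a parameter of this example: the tenant ID of the host
# (resource) tenant that publishes the Private Access forwarding profile.
param(
    [Parameter(Mandatory)]
    [string]$ResourceTenantId
)

function ConvertFrom-DsregStatus {
    # Turn the "Key : Value" lines printed by dsregcmd /status into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.+?)\s*$') {
            # Keep the first occurrence of each key.
            if (-not $state.ContainsKey($Matches[1])) {
                $state[$Matches[1]] = $Matches[2]
            }
        }
    }
    $state
}

$state        = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)
$entraJoined  = $state['AzureAdJoined'] -eq 'YES'
$domainJoined = $state['DomainJoined']  -eq 'YES'

# AzureAdJoined + DomainJoined means hybrid joined; AzureAdJoined alone means Entra joined.
$joinType = 'Not Microsoft Entra joined'
if ($entraJoined) { $joinType = 'Microsoft Entra joined' }
if ($entraJoined -and $domainJoined) { $joinType = 'Microsoft Entra hybrid joined' }

# TenantId is only reported when the device is joined, so a missing value
# compares as not matching.
[pscustomobject]@{
    JoinType               = $joinType
    DeviceTenantName       = $state['TenantName']
    DeviceTenantId         = $state['TenantId']
    ResourceTenantId       = $ResourceTenantId
    JoinedToResourceTenant = $entraJoined -and ($state['TenantId'] -ieq $ResourceTenantId)
}
```

If `JoinedToResourceTenant` is `False`, the device does not meet the join requirement quoted in the answer, regardless of how the guest account is configured in the host tenant.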