@testuser7
Thank you for your post and I apologize for the delayed response!
When it comes to Configuring cross-tenant access settings for B2B collaboration, I'll summarize your issue below so I can gain a better understanding of your issue.
**Scenario:**
- You're configuring the Inbound Access Settings for an external tenant (i.e. `Contoso.com`).
- The inbound access setting will allow Guest Users (i.e. `guest-user U1`) from `Contoso.com` to access your Azure AD tenant.
- The inbound access setting will block your tenant's application (i.e. `A1`).
Issue:
Because your inbound access setting allows Guest Users from `Contoso.com` to access your Azure AD tenant, if `guest-user U1` sends a request to your tenant via `App1`, will the Guest User be able to gain access to your tenant so that a token can be retrieved by the Application (`A1`)?
---------------------
From your issue description, because your inbound access setting will block your tenant's application (`A1`), if the Guest User is sending a request through Application `A1`, then the request should be blocked since your tenant's application is sending the request, and the inbound access setting is set to block `A1`.
Note: If you want to apply access settings to specific users, groups, or applications in an external organization, please contact the organization for information before configuring your settings. Obtain their user object IDs, group object IDs, or application IDs (client app IDs or resource app IDs) so you can target your settings correctly.
Additional Link:
Important considerations - Changing the default inbound or outbound settings to block access could block existing business-critical access to apps in your organization.
I hope this helps! If I misread or incorrectly summarized your issue, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
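The scenario discussed in this answer, as an added example that is not part of the original reply or Microsoft's code: it builds an inbound B2B collaboration settings object in the shape used by the Microsoft Graph cross-tenant access partner configuration and runs a simplified evaluator over it. The evaluator's rule (both the user check and the application check must pass) is an assumption used to mirror the answer's conclusion, and the IDs are placeholders.

```python
# Placeholders: real object/app IDs must be obtained as described in the note above.
U1 = "<guest-user-U1-object-id>"
A1 = "<application-A1-app-id>"


def inbound_partner_settings(allowed_users, blocked_apps):
    """Inbound B2B collaboration settings for one partner tenant:
    an allow-list of users and a block-list of applications."""
    return {
        "b2bCollaborationInbound": {
            "usersAndGroups": {
                "accessType": "allowed",
                "targets": [{"target": u, "targetType": "user"}
                            for u in allowed_users],
            },
            "applications": {
                "accessType": "blocked",
                "targets": [{"target": a, "targetType": "application"}
                            for a in blocked_apps],
            },
        }
    }


def _permits(section, target_id, wildcard):
    # True if this section lets target_id through.
    listed = any(t["target"] in (target_id, wildcard)
                 for t in section["targets"])
    # "allowed" list: the target must be listed.
    # "blocked" list: the target must not be listed.
    return listed if section["accessType"] == "allowed" else not listed


def inbound_allows(settings, user_id, app_id):
    """Simplified model (assumption): a request passes only when both the
    user check and the application check pass."""
    inbound = settings["b2bCollaborationInbound"]
    return (_permits(inbound["usersAndGroups"], user_id, "AllUsers")
            and _permits(inbound["applications"], app_id, "AllApplications"))


if __name__ == "__main__":
    settings = inbound_partner_settings([U1], [A1])
    print("U1 via A1:", inbound_allows(settings, U1, A1))
    print("U1 via another app:", inbound_allows(settings, U1, "<other-app-id>"))
```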