Azure AD account with identities as Externak Azure AD

Question

Azure AD account with identities as Externak Azure AD

Virtual Tech 106

Hi

Can someone please explain why or how a guest user identities is ExternalAzureAD? Does that mean an internal user sent an invite to an external user from another tenant?

Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-12-05T09:12:06.047+00:00

Hi @Virtual Tech ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,
Shweta

2 answers

Your answer

Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-12-05T09:12:06.047+00:00

Hi @Virtual Tech ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,
Shweta

Answer 1

JamesTran-MSFT 36,901 Microsoft Employee Moderator

@Virtual Tech
Thank you for your post!

The Identities property of a user within Azure AD indicates that user’s primary identity provider. You're correct when it comes to the ExternalAzureAD Identity - an internal user invited an external user to your Azure AD tenant as part of the B2B collaboration feature, which is a capability of Azure AD External Identities that lets you collaborate with users and partners outside of your organization. For more info - Properties of an Azure Active Directory B2B collaboration user.

After invitation redemption
After the B2B collaboration user accepts the invitation, the Identities property is updated based on the user’s identity provider.

If the B2B collaboration user is using a Microsoft account or credentials from another external identity provider, Identities reflects the identity provider, for example Microsoft Account, google.com, or facebook.com.
If the B2B collaboration user is using credentials from another Azure AD organization, Identities is External Azure AD.

Identities:

Additional Link:
Configure external collaboration settings - This lets you specify who can invite external users, allow or block specific domains, and restrict what external guest users can see.

I hope this helps!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Gustavo43 1 Reputation point

2022-12-01T12:51:27.707+00:00

Thanks for detail explanation.

Is there a way to confirm if an external azure guest account is B2B, after clicked that setting in the account?
JamesTran-MSFT 36,901 Reputation points Microsoft Employee Moderator

2022-12-02T19:20:35.203+00:00

@Virtual Tech
Thank you for following up on this!

When it comes to confirming whether or not an external Azure guest account is a B2B user - these B2B collaboration user objects are typically given a user type of guest and can be identified by the #EXT# extension in their user principal name. You can also identify B2B users by their Creation Type under Users within Azure AD. For more info - B2B collaboration overview.

Additional Links:
Properties of an Azure Active Directory B2B collaboration user
Azure Active Directory B2B best practices
The elements of the B2B collaboration invitation email - Azure Active Directory

I hope this helps!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
JamesTran-MSFT 36,901 Reputation points Microsoft Employee Moderator

2022-12-02T19:30:45.23+00:00

@Virtual Tech
Adding onto my previous comment, after clicking on the Identities setting for the user, you should be able to identify by the #EXT# extension in the user principal name.

I hope this helps!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
JamesTran-MSFT 36,901 Reputation points Microsoft Employee Moderator

2022-12-05T15:59:43.553+00:00

@Virtual Tech
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
Virtual Tech 106 Reputation points

2022-12-05T19:33:36.88+00:00

@JamesTran-MSFT - Thanks for your reply. I do see #EXT# extension on my external guest account.

Silly question, why is there a B2B option if the external business account is created as a guest account in the portal?
JamesTran-MSFT 36,901 Reputation points Microsoft Employee Moderator

2022-12-07T22:32:15.523+00:00

@Virtual Tech
Thank you for following up on this and I apologize for the delayed response!

When it comes to the B2B option that you highlighted, that pertains to one of the ways you can collaborate with other users - Invitation Redemption.

If you send an invitation email to the guest, the invitation includes a link the guest can redeem to get access to your app or portal. The invitation email is just one of the ways guests can get access to your resources. As an alternative, you can add guests (as you mentioned) to your directory and give them a direct link to the portal or app you want to share.

Invitation redemption flow:

Additional Link:
Add a guest user and send an invitation

I hope this helps!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
JamesTran-MSFT 36,901 Reputation points Microsoft Employee Moderator

2022-12-08T15:20:06.597+00:00

@Virtual Tech
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

Dillon Silzer 57,826 Volunteer Moderator

Hi @Virtual Tech

That is correct, someone from your tenant has invited this user to be a guest for an application within your Azure AD tenant.

See Configure external collaboration settings for more details:

https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-collaboration-settings-configure

-----------------------------------------

If this is helpful please accept answer.

Gustavo43 1 Reputation point

2022-12-01T12:47:44.82+00:00

Thanks this was the answer. I tested on my test tenant.

Share via

Azure AD account with identities as Externak Azure AD

2 answers

Your answer