Hi all,
I am quite new to Azure B2B. I am trying to access a function endpoint with the access token of an invited user and receive "You do not have permission to view this directory or page" (401). The same works for a local tenant user.
I have done the following till now:
- I created a simple function and registered it as an app in the home tenant
- I configured "B2B direct connect" with a remote tenant and tried to access the home tenant application. This failed with an error "Error AADSTS50020 - User account from identity provider does not exist in tenant", if I remember correctly. I read that "B2B direct connect" works only for Teams; correct me if I'm wrong.
- I then decided to try the "B2B collaboration" model and the invitation flow. A guest user was created locally for the user of the remote AAD tenant.
- I produced an access token in Postman using the endpoints of the home IdP
- I tried to consume the function from its endpoint (https://xxxx.azurewebsites.net/api/LoggerFunction?code=xxxxxxx) and got a "You do not have permission to view this directory or page" (401)
What do I need to do in order to authorize the guest user identity to consume the function? I've tried:
- setting roles for this identity
- explicitly configuring a "Conditional Access" "grant" rule
- setting it to member
but nothing seems to work. Any ideas? Let me know if you need more info.
Kind regards,
Kostas
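Before touching roles or Conditional Access, it helps to look at what the token Postman produced actually says, since App Service Authentication on a Function App rejects a token whose audience or issuer does not match what it was configured to accept. The helper below is an added example, not code from this thread: it decodes the JWT payload (without signature verification, which the Function App does itself) and reports the claim mismatches that typically cause this 401. The tenant id, audience values and the token itself are constructed placeholders, and the function name `check_guest_token` is an assumption.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)

def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. No signature check here;
    the resource (App Service auth) verifies the signature, we only inspect claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))

def check_guest_token(token: str, allowed_audiences: set, home_tenant_id: str) -> list:
    """Return a list of findings explaining why the Function App may answer 401.
    An empty list means aud/tid/iss look consistent with the home tenant app."""
    claims = decode_claims(token)
    findings = []
    # Easy Auth compares 'aud' with its allowed audiences (app id / api:// URI)
    if claims.get("aud") not in allowed_audiences:
        findings.append(f"aud {claims.get('aud')!r} is not an allowed audience of the Function App")
    # A B2B collaboration guest must get a token from the home tenant, not the remote one
    if claims.get("tid") != home_tenant_id:
        findings.append(f"tid {claims.get('tid')!r} is not the home tenant; token was issued elsewhere")
    if home_tenant_id not in claims.get("iss", ""):
        findings.append(f"iss {claims.get('iss')!r} does not belong to the home tenant")
    # For guests 'idp' names the external identity provider; informational only
    if "idp" in claims:
        findings.append(f"info: guest authenticated via external idp {claims['idp']!r}")
    return findings

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline testing (signature is a dummy)."""
    header = {"alg": "RS256", "typ": "JWT"}
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.dummysignature"

# Constructed placeholder values, not real tenant or app identifiers
HOME_TID = "11111111-1111-1111-1111-111111111111"
FUNCTION_AUDIENCES = {"api://22222222-2222-2222-2222-222222222222"}
```

Run `check_guest_token(token, FUNCTION_AUDIENCES, HOME_TID)` on the token Postman returned; a token minted for another resource (for example Microsoft Graph) shows up immediately as an audience mismatch.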
Hello, I had a similar problem with guest users being able to view them in Teams. I solved it by adding them to the following applications in Azure manually.
attach image.