We are unable to create a new external user.

Craig 31 Reputation points
2023-02-20T04:07:50.3066667+00:00

We have done the following in our .onmicrosoft.com, Azure Active Directory

  1. Created a new user by New User > Invite User and entered email address (our email is managed externally so has a different domain) and name.
  2. Assigned a role to the user, and assigned them to the subscription.
  3. They accept the invitation and set up MFA, and this is confirmed in the sign-in logs (to the 'My Profile' Application).
  4. They go to https://portal.azure.com and type in their email address

At this stage they get an error: "This username may be incorrect..." and cannot access Azure Portal.

This was following a procedure we created (and worked fine) in April 2021. One item of note is that the Identities column in Azure AD Users says 'mail' rather than 'External AzureAD' as it had for previous users.

How do we solve this? And is there something that has changed in this area in the last two years that means our procedure is out of date?

Microsoft Security Microsoft Entra Microsoft Entra ID

Accepted answer
  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2023-02-22T05:38:36.1133333+00:00

    @Craig

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "[The question author cannot accept their own answer. They can only accept answers by others](https://docs.microsoft.com/en-us/answers/support/accepted-answers#why-only-one-accepted-answer)"

    I'll repost your solution in case you'd like to "[Accept](https://docs.microsoft.com/en-us/answers/support/accepted-answers#accepted-answer-in-a-question-thread)" the answer.

    The problem was that a user of identity 'mail' never had an identity server which seems to create problems when accessing Azure Portal.

    To resolve, you were able to force an identity of type 'MicrosoftAccount' by turning off 'Email one-time passcode'. Once this was off, the user creation process explicitly told us it would create a Microsoft Account for the new user.

    To turn off 'Email one-time passcode': Go to Azure Active Directory > External Identities > All Identity Providers and ensure Email one-time passcode is set to No.


1 additional answer

  1. Craig 31 Reputation points
    2023-02-21T03:47:25.3733333+00:00

    I believe the problem was that a user of identity 'mail' never had an identity server which seems to create problems when accessing Azure Portal.

    To resolve, we were able to force an identity of type 'MicrosoftAccount' by turning off 'Email one-time passcode'. Once this was off, the user creation process explicitly told us it would create a Microsoft Account for the new user.

    To turn off 'Email one-time passcode': Go to Azure Active Directory > External Identities > All Identity Providers and ensure Email one-time passcode is set to No.

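To find which existing guests carry the 'mail' identity discussed in this thread, the following added example (not part of the original posts) groups guest accounts by the issuer of their external identity. It assumes the directory export has the shape of a Microsoft Graph `identities` collection and that the issuer strings are `mail`, `ExternalAzureAD` and `MicrosoftAccount`; the sample records, addresses and tenant domain are constructed.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like a Microsoft Graph reply to
#   GET /users?$filter=userType eq 'Guest'&$select=displayName,mail,identities
# Names, addresses and the tenant domain are placeholders (assumed shape).
SAMPLE = json.loads("""
{"value": [
  {"displayName": "Guest A", "mail": "a@example.org", "identities": [
    {"signInType": "federated", "issuer": "mail", "issuerAssignedId": null},
    {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
     "issuerAssignedId": "a_example.org#EXT#@contoso.onmicrosoft.com"}]},
  {"displayName": "Guest B", "mail": "b@example.net", "identities": [
    {"signInType": "federated", "issuer": "ExternalAzureAD", "issuerAssignedId": null}]},
  {"displayName": "Guest C", "mail": "c@example.com", "identities": [
    {"signInType": "federated", "issuer": "MicrosoftAccount", "issuerAssignedId": null}]},
  {"displayName": "Guest D", "mail": "d@example.org", "identities": []}
]}
""")

def external_issuers(user):
    """Issuers of the guest's external identities, ignoring the local UPN entry."""
    return sorted({
        ident.get("issuer") or "unknown"
        for ident in user.get("identities") or []
        if ident.get("signInType") != "userPrincipalName"
    })

def group_by_issuer(users):
    """Map issuer -> guest mail addresses; 'none' means no external identity listed."""
    groups = defaultdict(list)
    for user in users:
        for issuer in external_issuers(user) or ["none"]:
            groups[issuer].append(user.get("mail"))
    return dict(groups)

def mail_identity_guests(users):
    """Guests whose identity is 'mail', the type the thread ties to the portal error."""
    return [u.get("mail") for u in users if "mail" in external_issuers(u)]

if __name__ == "__main__":
    for issuer, mails in sorted(group_by_issuer(SAMPLE["value"]).items()):
        print(f"{issuer:18} {len(mails)}  {', '.join(mails)}")
    print("review:", mail_identity_guests(SAMPLE["value"]))
```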
