This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 89%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBW%3C/text%3E%3C/svg%3E)
Hi,
I have a question, we are looking at setting up Cross-Tenant Synchronization, however i cannot find anywhere if it mentions about the same passwords being copied across to the other tenant.
When a user is synced from tenant 1 to tenant 2, do they still use the same password they were using in tenant 1 as they would now use in tenant 2? Or do they need to use a new password in tenant 2?
Our tenants are both internal but used for production and non-production hence the same password would not be a bad thing as its still all internal. If its not configured automatically, is there anyway we can set this up to sync it across?
Kind regards,
Ben
The users will always auth against their home tenant, so their access in the other tenant is really based on what access they have been granted in the tenant they are synced to. Their passwords are never an issue since they auth in only one place. They can change it and auth will still go back to the home tenant. There is no syncing or updating. There is only one source of truth for their identity. Hope that makes sense!
Hi Andy,
Thanks for confirming.
The only thing I am struggling to understand is that 'the auth will always be against the home tenant.' As when they are required to log into the non-prod tenant (2nd tenant) it will be authenticating against a second domain/different address so it will be using the credentials stored in the other tenants Azure AD surely?
Really the main thing I am trying to get out here is, will their password be the exact same between the 2 tenants? Or do they have to setup a new password when they log into the 2nd tenant? This is once the user has been synced from tenant 1 to tenant 2.
Sorry that I am struggling to get my head round it, i will eventually :)
Kind regards,
Ben
Yep, no worries. There is only one logon name and password. The home tenant is the identity provider, that doest change if you sync that account to another tenant. You arent authenticating against the tenant, you are authenticating against your own tenant that you were synced from.
Thanks for confirming Andy.
Kind regards,
Ben
Hi, users still authenticate against their home tenant, there is no password syncing:
https://office365itpros.com/2022/02/08/azure-ad-cross-tenant-access/
Hi Andy,
Thanks for coming back so quick, as you mentioned, you are saying there is no password syncing. But in the screenshot, it says users will use their credentials that they use in their home tenant, to access resources in other tenants. So this suggests that they do use the same password?
Does it mean that if a user is to change their password then it will not update in the other tenants? But on the first sync across to new tenants they will keep the same password that they use in the home tenant initially?
Kind regards,
Ben