Azure Portal App (The account needs to be added as an external user in the tenant first. Please use a different account)

pc 0 Reputation points
2023-08-22T14:02:58.88+00:00

Hello, a while back I read the documentation for Business Central OAuth2 authentication so that I could make an app that reads my Business Central data and pulls part of it, so that I can perform some analytics on it using an application I have. I can do that fine with the domain I have registered my app in, but I keep hitting this error when I try to use other Business Central accounts. Basically, if another friend has Business Central and wants me to analyse his figures as I did mine, I expected that I could follow the same OAuth2 logic: the user gives consent and I can read his Business Central data. But unfortunately, I am hit with this error:

Selected user account does not exist in tenant 'mydomain.com' and cannot access the application 'myapplication-id-asdasdasd-asdasdasda-asdasd' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

I cannot be adding all external users to my tenant first so that I can read their data. I had believed that if I have made an app that is multi-tenant and the user can grant access to it using OAuth2, then I should be able to read the data fine. This error is a bit cryptic, and I feel I have exhausted the documentation and have nowhere else to go.

This is the link I use to get the code, and again, this works fine if I am connecting from any user account within my own domain, but not from accounts from other domains.

https://login.microsoftonline.com/

1 answer

  1. Akshay-MSFT 17,961 Reputation points Microsoft Employee Moderator
    2023-08-23T09:12:57.1333333+00:00

    @pc

    Thank you for posting your query on Microsoft Q&A. Based on the above description, I understand that you are trying to access an Azure AD/Entra ID registered application with an external account and are getting access denied with the message "Selected user account does not exist in tenant 'mydomain.com' and cannot access the application 'myapplication-id-asdasdasd-asdasdasda-asdasd' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account."

    Please do correct me if this is not the case by responding in the comments section:

    It seems that your application is currently registered as a single-tenant app, hence it won't allow users from any other directory.

    A multi-tenant application will allow accounts in any organizational directory to log in.

    If you want accounts in any organizational directory and personal Microsoft accounts to log in, you should use the Azure AD v2.0 endpoint and change your account type.


    Or you may also change the Supported account types to Accounts in any organizational directory (Any Azure AD directory - Multitenant)


    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
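
An added example, not part of the thread above: a pre-flight check that an app's supported account types and its authorize URL both admit a work account from another directory. It goes one step beyond the answer by also checking the tenant segment of the URL, since a tenant-specific authority signs users into that tenant only. The function names, client ID and domains are constructed for illustration; the `signInAudience` values are the ones used in the app registration manifest.

```python
from urllib.parse import urlencode, urlsplit

LOGIN_HOST = "login.microsoftonline.com"

# signInAudience (app manifest) -> authority segment that admits every
# account type the registration supports. None means "home tenant only".
AUTHORITY_FOR_AUDIENCE = {
    "AzureADMyOrg": None,                         # single tenant
    "AzureADMultipleOrgs": "organizations",       # any work/school directory
    "AzureADandPersonalMicrosoftAccount": "common",
    "PersonalMicrosoftAccount": "consumers",
}


def authorize_url(audience, home_tenant, client_id, redirect_uri, scope, state):
    """Build a v2.0 authorize URL whose tenant segment matches the audience."""
    tenant = AUTHORITY_FOR_AUDIENCE[audience] or home_tenant
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "scope": scope,
                       "state": state})
    return f"https://{LOGIN_HOST}/{tenant}/oauth2/v2.0/authorize?{query}"


def external_signin_blockers(audience, url):
    """List reasons a work account from another directory would be refused."""
    if audience not in AUTHORITY_FOR_AUDIENCE:
        raise ValueError(f"unknown signInAudience: {audience!r}")
    reasons = []
    if audience in ("AzureADMyOrg", "PersonalMicrosoftAccount"):
        reasons.append(f"signInAudience {audience} excludes other directories")
    parts = urlsplit(url)
    tenant = parts.path.strip("/").split("/")[0]
    if parts.hostname != LOGIN_HOST:
        reasons.append(f"unexpected login host {parts.hostname}")
    elif tenant not in ("common", "organizations"):
        reasons.append(f"authority '{tenant}' only signs in users of that tenant")
    return reasons


if __name__ == "__main__":
    # Constructed values: placeholder client ID, example domains and scope.
    app = dict(home_tenant="mydomain.example", client_id="00000000-0000-0000-0000-000000000000",
               redirect_uri="https://app.example/callback",
               scope="openid offline_access", state="constructed-state")
    for audience in ("AzureADMyOrg", "AzureADMultipleOrgs"):
        url = authorize_url(audience, **app)
        print(audience, external_signin_blockers(audience, url) or "ok")
```
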
