How to authenticate Microsoft Account users through Entra External ID

Alek McGarry 25 Reputation points
2024-04-24T02:39:05.8066667+00:00

When I invite an external user by providing their email address
They receive an invite link via email
After accepting the invite, if that email is not associated with an existing Microsoft Account it gets added to my directory with Identity Type: mail
However, if the invited email is associated with a Microsoft Account, then after accepting the invite the user gets added to my directory with Identity Type: MicrosoftAccount

Upon going through the user login flow, users with Identity Type: mail are able to log in after providing their one-time password
However, for users with Identity Type: MicrosoftAccount, if they enter their email they get an error saying: "We couldn't find an account with this email address" and there is no option for them to "Sign in via Microsoft" instead of through my tenant login page

The "Identity Providers" page appears to indicate that Microsoft Accounts should work?


Is it possible to disable the automatic linking to MicrosoftAccount and always use OTP flow even if the email is associated to an existing Microsoft Account?

When creating a user flow there is no option for Microsoft Account



Accepted answer
  1. Navya 20,100 Reputation points Microsoft External Staff Moderator
    2024-04-29T10:14:22.2933333+00:00

    Hi @Alek McGarry

    Thank you for posting this in Microsoft Q&A.

    I understand that you want to know how to authenticate Microsoft Account users through Entra External ID.

    The redemption process verifies whether the user possesses a home directory or not. In the event that the user's home directory is recognized, the user is directed to the relevant identity provider for authentication. If no home directory is detected and the email one-time passcode functionality is activated for guests, a passcode is dispatched to the user via the provided email address.

    The "Identity Providers" page appears to indicate that Microsoft Accounts should work?

    Yes, Microsoft account is available by default in the list of External Identities > All identity providers. No further configuration is needed to allow guest users to sign in with their Microsoft account, using either the invitation flow, or a self-service sign-up user flow.

    From the screenshots you provided, I confirmed that under Configured identity providers there are Microsoft Entra ID, Microsoft Account and Email one-time passcode providers. But when you are creating a user flow there is no option for Microsoft Account or Microsoft Entra ID.

    Can you please try to add another identity provider, for example "Google", and check whether the Google identity provider option is available when creating a user flow?

    Also, when you are creating the flow, you are using the preview version; can you use the recommended version?


    Is it possible to disable the automatic linking to Microsoft Account and always use OTP flow even if the email is associated to an existing Microsoft Account?

    Currently, it is not possible to disable the automatic linking to a Microsoft Account and always utilize the OTP flow.


    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.

    1 person found this answer helpful.
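
A small audit helper, added here as an example (not code from this thread or from Microsoft): it classifies exported user records by the identity types named in the question, so an administrator can see in advance which invited users will be sent to Microsoft account sign-in and which will receive a one-time passcode. The record shape follows Microsoft Graph's user `identities` property; the sample records, `contoso.onmicrosoft.com`, `other-idp.example` and the function names are constructed assumptions.

```python
import json

# Constructed sample, shaped like the `identities` property that Microsoft Graph
# returns on a user object (signInType / issuer / issuerAssignedId). Not real data.
SAMPLE_USERS = json.loads("""
[
  {"mail": "a@example.com", "identities": [
    {"signInType": "federated", "issuer": "mail", "issuerAssignedId": null},
    {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
     "issuerAssignedId": "a_example.com#EXT#@contoso.onmicrosoft.com"}]},
  {"mail": "b@example.net", "identities": [
    {"signInType": "federated", "issuer": "MicrosoftAccount", "issuerAssignedId": null}]},
  {"mail": "c@example.org", "identities": [
    {"signInType": "federated", "issuer": "other-idp.example", "issuerAssignedId": null}]},
  {"mail": "d@example.edu", "identities": null}
]
""")

# Sign-in path per identity type, as the question and answer in this thread describe it.
PATH_BY_ISSUER = {
    "MicrosoftAccount": "redirected to Microsoft account sign-in",
    "mail": "email one-time passcode",
}
UNKNOWN_PATH = "not covered by this thread; check the identity provider"


def sign_in_path(user):
    """Return (issuer, expected path) for one user record."""
    # `identities` may be missing or null on some records, so default to an empty list.
    issuers = [entry.get("issuer") for entry in (user.get("identities") or [])]
    for issuer, path in PATH_BY_ISSUER.items():
        if issuer in issuers:
            return issuer, path
    return None, UNKNOWN_PATH


def audit(users):
    """Group user mail addresses by the sign-in path they are expected to take."""
    report = {}
    for user in users:
        _, path = sign_in_path(user)
        report.setdefault(path, []).append(user.get("mail"))
    return report


if __name__ == "__main__":
    for path, mails in audit(SAMPLE_USERS).items():
        print(f"{path}: {', '.join(mails)}")
```
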