This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I have been testing the MS Entra External ID sign up and sign in user flow. It came to me as a surprise that users from other MS Entra ID tenants need to be added as Guest users to the External ID tenant. In other words, the login screen in the new CIAM works differently from the normal MS login screen, in that it tries to find the user account from the External ID tenant's directory and doesn't allow signing in unless the user account pre-exists there as Guest user (either through invitation or self-service sign up).
MS Entra External ID provides the SAML/WS-fed external identity provider as an option, but that requires additional configuration in each MS Entra ID tenant (Idp) that needs to federate to our External ID tenant. Therefore OIDC would be the preferred option here, similarly how AAD B2C does it: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-custom-policy
When can we expect to have this OIDC option available? I'm sure a lot of other customers are asking after this as well.
Apparently it's on the roadmap for this year: https://learn.microsoft.com/en-us/answers/questions/1627828/microsoft-entra-id-for-customers-and-openid-connec?source=docs
I've been trying to look for the roadmap for Entra External ID, is it publicly available somewhere?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello @Masi Malmi
I am checking this and will get back to you with further inputs.
Thanks,
Akhilesh.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Masi Malmi ,
Thanks for reaching out.
It came to me as a surprise that users from other MS Entra ID tenants need to be added as Guest users to the External ID tenant.
Microsoft Entra External ID is a customer identity and access management (CIAM) solution specifically for consumers and customers.
For any users (consumers/customers) to sign in to application need to sign up to the application.
Similar to Azure AD B2C, for any new users to sign in to application, first that users need to exist in the consumer tenant either by sign up or through invitation.
Microsoft Entra External ID allows users from other tenants to directly sign-up using signUp/signIn user flow and added up as local accounts in consumer tenant. However, you can invite those users through email as well and then those accounts will consider as guest accounts.
I have added two accounts from another tenant one using invite through link and another by sign up using user flow.
The ABC, which is invited through link, is added as guest user type with External Azure AD identities.
However, the other Shweta VRD24 is another account from same tenant which is showing as local account while signing in using CIAM's user flow.
Once these accounts exist in system, you can sign in to your application directly using user flow.
When can we expect to have this OIDC option available? I'm sure a lot of other customers are asking after this as well.
Yes, this is very common ask and our product team is working on it. As of now, we can't share any date.
You can refer https://learn.microsoft.com/en-us/entra/external-id/customers/concept-supported-features-customers for all the current features in External tenant.
Keep checking https://learn.microsoft.com/en-us/entra/external-id/customers/whats-new-docs for monthly updates on external tenant.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.