How do I add users from an external tenant to my application without manually adding to my tenant?

Micheal Mc Donnell 0 Reputation points
2024-06-12T21:25:17.0633333+00:00

We have a tenant and an application created.

  • We have added this as an application to an Auth0 pipeline
  • We can log in to the application with the administration user for the tenant we have created
  • We can log in with guest users that we have manually added to the tenant

Questions:

  1. How do we add users from other tenants without manually adding them?
  2. Can we use another organization's Active Directory/Entra ID users and trust them to access our applications?
  3. What is the function of adding an external tenant? When we add an external tenant we are hoping to allow users to access our application.

We attempted to add an external tenant and we want to be able to allow all users from that tenant to automatically access one of our applications, is this possible? (we will handle permissions on our side for those users)

When adding a user to an application via adding an external tenant without adding that user as a guest.

Even when adding a user as a guest, can we restrict to a particular tenant?

What is the function of adding an external tenant? Is that intended not to cross organizational boundaries?

Error when attempting to log in as a user from another tenant that we have added as an external tenant:


Request Id: 3eeacee6-fe94-4db7-9632-02381dc92200

Correlation Id: 3d4f781c-42e8-4ce2-9e3c-8b06a341bc69

Timestamp: 2024-06-12T21:01:08Z

Message: AADSTS50020: User account '******@domain.com' from identity provider 'xxxxxxx' does not exist in tenant 'tenant name' and cannot access the application application_id'xxxxxxx) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.


2 answers

  1. Luis Arias 8,621 Reputation points Volunteer Moderator
    2024-06-12T21:55:23.94+00:00

    Hi Micheal Mc Donnell, please follow this thread: https://learn.microsoft.com/en-us/answers/questions/759143/let-users-from-other-azure-ad-tenant-sign-in-to-ap

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    Regards,

    Luis


  2. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2024-06-17T08:21:40.36+00:00

    Hi @Micheal Mc Donnell ,

    How do we add users from other tenants without manually adding them.

    To add users from other tenants, you can use Azure AD B2B collaboration. This feature allows you to invite users from other organizations to collaborate with you on your applications and resources. You can invite users to your tenant as guests, and they can sign in with their own credentials from their home organization.

    Reference -https://learn.microsoft.com/en-us/entra/external-id/what-is-b2b

    Can we use another organization's Active Directory/Entra ID users and trust them to access our applications?

    To use another organization's Active Directory/Entra ID users and trust them to access your applications, you can set up federation between your organization and theirs. Federation allows you to establish trust between two organizations so that users from one organization can access resources in the other organization using their own credentials.

    What is the function of adding an external tenant? When we add an external tenant we are hoping to allow users to access our application.

    To allow all users from an external tenant to automatically access one of your applications, you can create a conditional access policy that grants access to the application for all users from the external tenant. You can configure the policy to allow access based on the user's tenant ID. However, keep in mind that this will grant access to all users from the external tenant, so you will need to handle permissions on your side for those users.

    If you are receiving an error when attempting to log in from a user from another tenant that you have added as an external tenant, there might be multiple scenarios for that error. Please refer https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/app-integration/error-code-aadsts50020-user-account-identity-provider-does-not-exist to identify the issue and its solution.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

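The following is an added example, not part of the thread above or of any Microsoft sample. It turns the AADSTS50020 message quoted in the question into the two Microsoft Graph calls that address it: a B2B invitation for the one account that failed (the "add as an external user" step the error asks for), and an inbound cross-tenant access setting that allows any user from the partner tenant to be invited, scoped to your application's app id. The endpoints and field names are the public Graph v1.0 schema as this editor understands it (`POST /invitations`, `POST /policies/crossTenantAccessPolicy/partners`); the token, e-mail address, redirect URL, tenant id and application id are placeholders, and the error text is a constructed sample modelled on the one in the question. Nothing is sent: the requests are only prepared, so the script runs offline.

```python
"""Triage an AADSTS50020 sign-in failure and prepare the Microsoft Graph calls
that fix it.  Added example; placeholder values throughout."""
import json
import re
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Pattern for the message format quoted in the question.  The identity-provider
# value is the account's home tenant (domain or tenant id); the application
# reference is captured loosely because Entra quotes it inconsistently.
AADSTS50020_RE = re.compile(
    r"AADSTS50020: User account '(?P<user>[^']+)' from identity provider "
    r"'(?P<idp>[^']+)' does not exist in tenant '(?P<tenant>[^']+)' and "
    r"cannot access the application (?P<app>.+?) in that tenant",
    re.S,
)


def parse_aadsts50020(message: str) -> dict:
    """Extract user, home identity provider, resource tenant and app reference.
    Raises ValueError when the text is not an AADSTS50020 message."""
    m = AADSTS50020_RE.search(message)
    if not m:
        raise ValueError("not an AADSTS50020 message")
    d = {k: v.strip() for k, v in m.groupdict().items()}
    # Home tenant and resource tenant differ, so the fix lives in the resource
    # tenant: the account needs a guest (external user) object there.
    d["needs_guest_object"] = d["idp"] != d["tenant"]
    return d


def build_invitation(email: str, redirect_url: str, send_message: bool = False) -> dict:
    """Body for POST /invitations.  With sendInvitationMessage=False no e-mail
    is sent; the caller redirects the user to the redemption URL in the reply."""
    return {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": send_message,
    }


def build_partner_config(partner_tenant_id: str, app_ids: list) -> dict:
    """Body for POST /policies/crossTenantAccessPolicy/partners (assumed schema):
    allow any user of the partner tenant to be invited, but only to the listed
    applications.  This scopes B2B collaboration; it does not create guest
    objects by itself, so an invitation (or cross-tenant sync) is still needed."""
    return {
        "tenantId": partner_tenant_id,
        "b2bCollaborationInbound": {
            "usersAndGroups": {
                "accessType": "allowed",
                "targets": [{"target": "AllUsers", "targetType": "user"}],
            },
            "applications": {
                "accessType": "allowed",
                "targets": [{"target": a, "targetType": "application"} for a in app_ids],
            },
        },
    }


def graph_request(path: str, body: dict, token: str) -> urllib.request.Request:
    """Prepare, but do not send, an authenticated Graph POST."""
    return urllib.request.Request(
        GRAPH + path,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )


# Constructed sample modelled on the message in the question; all values fake.
SAMPLE_ERROR = (
    "AADSTS50020: User account 'alice@partner.example' from identity provider "
    "'partner.example' does not exist in tenant 'Contoso' and cannot access "
    "the application 'app-name'(11111111-2222-3333-4444-555555555555) in that "
    "tenant. The account needs to be added as an external user in the tenant first."
)

if __name__ == "__main__":
    info = parse_aadsts50020(SAMPLE_ERROR)
    print(info)
    inv = graph_request("/invitations",
                        build_invitation(info["user"], "https://app.contoso.example/"),
                        "TOKEN")
    print(inv.full_url, inv.data.decode())
    cfg = graph_request("/policies/crossTenantAccessPolicy/partners",
                        build_partner_config("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                                             ["11111111-2222-3333-4444-555555555555"]),
                        "TOKEN")
    print(cfg.full_url, cfg.data.decode())
```

To actually send the prepared requests you need a token with `User.Invite.All` for the invitation and `Policy.ReadWrite.CrossTenantAccess` for the partner setting; the guest object is created on the resource-tenant side, so the external tenant configuration alone, as the question found, does not let its users sign in.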
