B2B Authentication to PaaS and IaaS?



I was wondering if anyone has managed to authenticate to an external tenant PaaS and IaaS level (SQL managed instance and Azure NetApp Files) using a B2B account? So far im finding it cannot be done, the B2B account requires an account creating in the tenant with at least AAD P1 licenced to it to authenticate.

Are there any 3rd party tools available that will either sync with the users home tenant to carry their credentials to the Guest tenant, or a tool which will cache the credentials in the Guest tenant per session when Guest B2B users log in?


Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,712 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,127 questions
{count} votes

1 answer

Sort by: Most helpful
  1. 2020-11-27T17:31:02.897+00:00

    Hello @bc-consultancy, premium (P1) licenses are not required to be able to authenticate against Azure resources. Also, although guest users come from other tenants a security principal is created in the host tenant which allows them to authenticate and access its resources. If you want to access other tenants where the user is not a guess nor a member then that won't be possible.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and optionally fill the feedback form it so that other members in the community can benefit from it.

    0 comments No comments