B2B Authentication to PaaS and IaaS?



I was wondering if anyone has managed to authenticate to an external tenant PaaS and IaaS level (SQL managed instance and Azure NetApp Files) using a B2B account? So far im finding it cannot be done, the B2B account requires an account creating in the tenant with at least AAD P1 licenced to it to authenticate.

Are there any 3rd party tools available that will either sync with the users home tenant to carry their credentials to the Guest tenant, or a tool which will cache the credentials in the Guest tenant per session when Guest B2B users log in?


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,648 questions
Azure Active Directory Domain Services
Azure Active Directory External Identities
{count} votes

1 answer

Sort by: Most helpful
  1. Alfredo Revilla (MSFT) 17,096 Reputation points Microsoft Employee

    Hello @bc-consultancy, premium (P1) licenses are not required to be able to authenticate against Azure resources. Also, although guest users come from other tenants a security principal is created in the host tenant which allows them to authenticate and access its resources. If you want to access other tenants where the user is not a guess nor a member then that won't be possible.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and optionally fill the feedback form it so that other members in the community can benefit from it.