How to configure AD/App to enable login users outside of my AD?

David Tulloss 1 Reputation point
2021-06-22T14:25:32.603+00:00

Use case:
Our client organizations have their own ADs and perhaps other MS, but not AD emails (xBox, Live, etc). We want our web clients to use MS as an IDP to log into our app. We thought we'd configured it to do so, but get this error when attempting to do so:

AADSTS50020: User account 'mincers@Karima ben .com' from identity provider 'live.com' does not exist in tenant 'Coredial LLC' and cannot access the application 'f6186fd6-900f-4860-8050-d09ee27ec2a9'(CoreNexa) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

We've added the. hotmail user as an external user in another AD (different than the one hosting the registered app) as a test. What can we do (no problem registering another app, we are just learning right now) to allow users outside of our org to use MS as their IDP?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,428 questions
{count} votes