Granting Power BI Access to External Users

Yoni Wolovitz 1 Reputation point
2022-01-25T10:12:12.96+00:00

I have a client to whom I am providing some Power BI reports. Currently I have all the users set up in my Activation Directory, and are purchasing and on-selling the licenses to them. This is not ideal as they need to login with a different username to their organisation domain.

i.e. User X, whose organisation email is name.surname@org .com needs to login in with name.surname.organization@mydomain.com

The Workspace is a Premium Per User (PPU) workspace.

I've done the following:

  • Enabled guest access in the tenant settings, and all the external Azure options for the entire organisation
  • Shared the Tenant URL with the user
  • Ensured the user has been added to my Azure AD
  • Ensured the user has a PPU license in their tenant

However, when the user tries to log in on the tenant URL with their organisation credentials, they are presented with an error:

"User account 'name.surname@organization.com' from identity provider '_______' does not exist in tenant 'myTenant' and cannot access the application 'xxxxxxxx' (Microsoft Power BI) in that tenant.

Not sure what I'm doing wrong - can anyone suggest steps I can take to resolve this?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,360 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 33,706 Reputation points Microsoft Employee
    2022-01-26T01:19:13.917+00:00

    Hi @Yoni Wolovitz ,

    I understand that you are trying to grant Power BI access to the external users, but these users need to log in with a different username from their organizational domain. Based on the Power BI External Users guide, it appears that you have fulfilled the prerequisites for setting this up. But if you invited the users with the "name.surname@organization.com" email, Azure will be expecting that address rather than the other one.

    Since Azure is expecting the domain email, you have the option to enable sign-in to Azure AD with email as an alternate login ID so that they can use their non-UPN email.

    Another thing you could do instead of changing the email address is add the alias for the user, so you would add name.surname.organization@mydomain.com as an alias to name.surname@org .com. https://learn.microsoft.com/en-us/microsoft-365/admin/email/add-another-email-alias-for-a-user?view=o365-worldwide

    Otherwise the invited emails need to be added as guest accounts in the tenant, and you will need to re-invite the users.

    Let me know if this helps.

    See also: How to update b2b user upn/mail

    0 comments No comments