Interactive Browser Credential "You can't sign in here with a personal account. Use your work or school account instead."

Question

I am attempting to implement Interactive Browser Credential with Azure Identity (JS) in my app so that users can authenticate to their own Azure accounts for my dev tool. I got advice that app registration in Azure AD would be required on a Reddit thread (https://www.reddit.com/r/AZURE/comments/smcl15/azure_identity_sdk_js_how_to_authenticate_to/). I have now done so.

I have registered localhost:8083 and localhost:8085 as redirect URIs and selected the option to allow Account in any organizational directory. However, I am still getting the error "You can't sign in here with a personal account. Use your work or school account instead." Every answer(https://stackoverflow.com/questions/56007863/access-with-personal-account-to-multi-tenant-application-aad) I have read on the topic says that I need to set "signInAudience": "AzureADandPersonalMicrosoftAccount" in the manifest. However, that is how my manifest already is and has been since the beginning. How do I fix the error?

Answer 1

Hi @alma eyre ,

As mentioned in your other thread as well,

If you want to use Azure service management API to get the list of subscriptions and resource groups, user_impersonation is the scope that you need to request to work with the Azure Management API.

You can add permission as mentioned below Application-> API permissions -> Add a permission -> select Azure Service Management API -> select the user_impersonation

Also, you need to make sure the user has role i.e Contributor assigned in the subscription.

Hope this will helps.

Thanks,
Shweta

-----------------------------------

Please remember to "Accept Answer" if answer helped you.