Add user group from other Azure AD within Organization

Moses Mani 1 Reputation point
2022-06-09T11:31:11.097+00:00

Adding to the existing default Azure AD, a new AD has been created with the Multi Tenant option enabled. I am trying to add an existing user group from the default Azure AD to this newly created Azure AD, but I am not finding any option for it; rather, it only provides the option to create a new user group.
I am in dire need to add the existing user group from the default Azure AD, with more than 1 million users, to this newly created Azure AD. Can you help me here expeditiously, or suggest an alternate way of adding the group to this new Azure AD?

Note: The requirement here is that I am trying to provide application access to outside-domain users along with our own domain users. To achieve this I have created a new AD for partner/vendor domains, and the existing users' access to our domain should also continue unaffected. All the current users of the application are tagged under a user group, so I am trying to add this user group to the partner/vendor domain AD such that the existing access for users remains unaffected.

Any help is highly appreciated!

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.

1 answer

  1. Newbie Jones 1,171 Reputation points
    2022-06-16T14:01:00.383+00:00

    This doesn't sound like the correct approach.
    Authentication and account are two separate things, but are often linked together.
    I suspect the Wordpress SSO will authenticate against the account and group.
    I doubt you can have the accounts split across domains.

    Shouldn't this be set up using B2B (guest accounts) or B2C within the same tenant?

    In true multi-tenant scenarios, the tenants are separate, so I don't think you can nest groups from one to another. I don't think it's possible. I can't find any documents or scenarios where it's covered.

    The other option is to copy the users and relevant groups from the external tenant to the main tenant via Azure AD Connect but this means that they are being authenticated from the main tenant. So this would seem superfluous. You could copy from the main tenant to the external tenant, but this would still mean 1 million user records being copied across which defeats the purpose of the workaround you are trying to implement.

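The B2B approach the answer points to, as an added example that is not part of the original answer or of any Microsoft sample: instead of moving a million-member group into a second tenant, partner users are invited as guests into the existing tenant and added to the group that already gates the application, so home-tenant members are untouched. It uses the Microsoft Graph PowerShell SDK (Microsoft.Graph module); the group object id and the partner e-mail addresses are placeholders and constructed sample data, not values from the page.

```powershell
# Added example (not from the original post): invite partner users as B2B guests
# and add them to the application's existing access group in the same tenant.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the caller holds
# the admin roles needed for the scopes below. Only the scopes this script
# actually needs are requested (least privilege).
Connect-MgGraph -Scopes "User.Invite.All", "GroupMember.ReadWrite.All", "User.Read.All"

$GroupId      = "<object-id-of-existing-app-group>"      # placeholder: replace with your group's object id
$RedirectUrl  = "https://myapps.microsoft.com"           # where the guest lands after redeeming the invite
$PartnerEmails = @(                                      # constructed sample addresses
    "alice@partner.example",
    "bob@vendor.example"
)

foreach ($email in $PartnerEmails) {
    # Create (or re-issue) the invitation; Graph returns the guest user object it created.
    $invite = New-MgInvitation -InvitedUserEmailAddress $email `
                               -InviteRedirectUrl $RedirectUrl `
                               -SendInvitationMessage:$true
    $guestId = $invite.InvitedUser.Id

    # Check membership from the guest's side: a guest has a handful of memberships,
    # whereas enumerating a million-member group on every run would be expensive.
    $alreadyMember = Get-MgUserMemberOf -UserId $guestId -All |
        Where-Object { $_.Id -eq $GroupId }

    if (-not $alreadyMember) {
        # Add the guest to the existing group; home-tenant members are unaffected.
        New-MgGroupMember -GroupId $GroupId -DirectoryObjectId $guestId
        Write-Host "Added guest $email ($guestId) to group $GroupId"
    }
    else {
        Write-Host "Guest $email ($guestId) is already a member of group $GroupId"
    }
}
```

Because the guests live in the existing tenant, the Conditional Access and MFA policies already applied to that group cover them as well; anything you want enforced for partners only (for example a stricter sign-in policy) can target the guest user type rather than a second directory.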