![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 26%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED3%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,631 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting your question in Microsoft Q&A
Usually, for all guest user's authentication always happens in user's home tenant. Say for example, if user belongs to contoso.com domain which is verified in another tenant, and also let's say contoso.com domain is federated with ADFS.
If user@Company portal .com tries to access any application which is configured in Fabrikam.com tenant, then authentication for user@Company portal .com will happen in contoso.com tenant only. And since contoso.com domain is federated with ADFS, Azure AD will send the request to ADFS for authentication.
Post authentication token will be given back to tenant where application is configured.
In your scenario, this redirection is happening to ADFS because guest user is configured to authenticate with ADFS. There is no other workaround for this and this is by design.
Let me know if you have any further questions on this.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.