Add Microsoft Entra ID as an identity provider for External ID

Microsoft Entra ID is available as an identity provider option for B2B collaboration by default. If an external guest user has a Microsoft Entra account through work or school, they can redeem your B2B collaboration invitations or complete your sign-up user flows using their Microsoft Entra account.

Guest sign-in using Microsoft Entra accounts

If you want to enable guest users to sign in with their Microsoft Entra account, you can use either the invitation flow or a self-service sign-up user flow. No further configuration is required.

Microsoft Entra account in the invitation flow

When you invite a guest user to B2B collaboration, you can specify their Microsoft Entra account as the Email address they use to sign in.

Screenshot of inviting a guest user using the Microsoft Entra account.

Microsoft Entra account in self-service sign-up user flows

Microsoft Entra account is an identity provider option for your self-service sign-up user flows. Users can sign up for your applications using their own Microsoft Entra accounts. First, you need to enable self-service sign-up for your tenant. Then you can set up a user flow for the application and select Microsoft Entra ID as one of the sign-in options.

Screenshot of Microsoft Entra account in a self-service sign-up user flow.

Verifying the application's publisher domain

As of November 2020, new application registrations show up as unverified in the user consent prompt unless the application's publisher domain is verified, and the company’s identity has been verified with the Microsoft Partner Network and associated with the application. (Learn more about this change.) For Microsoft Entra user flows, the publisher’s domain appears only when using a Microsoft account or other Microsoft Entra tenant as the identity provider. To meet these new requirements, follow these steps:

  1. Verify your company identity using your Microsoft Partner Network (MPN) account. This process verifies information about your company and your company’s primary contact.
  2. Complete the publisher verification process to associate your MPN account with your app registration using one of the following options:

Next steps