Reset the redemption status for a guest user in Microsoft Entra External ID
Applies to: Workforce tenants External tenants (learn more)
In this article, you'll learn how to update the guest user's sign-in information after they've redeemed your invitation for B2B collaboration. There might be times when you'll need to update their sign-in information, for example when:
- The user wants to sign in using a different email and identity provider
- The account for the user in their home tenant has been deleted and re-created
- The user has moved to a different company, but they still need the same access to your resources
- The user’s responsibilities have been passed along to another user
To manage these scenarios previously, you had to manually delete the guest user’s account from your directory and reinvite the user. Now you can use the Microsoft Entra admin center, PowerShell or the Microsoft Graph invitation API to reset the user's redemption status and reinvite the user while keeping the user's object ID, group memberships, and app assignments. When the user redeems the new invitation, the UserPrincipalName (UPN) of the user doesn't change, but the user's sign-in name changes to the new email. Then the user can sign in using the new email or an email you've added to the otherMails property of the user object.
Required Microsoft Entra roles
To reset a user's redemption status, you'll need one of the following roles assigned at the directory scope:
- Helpdesk Administrator (least privileged)
- User Administrator
Use the Microsoft Entra admin center to reset redemption status
Tip
Steps in this article might vary slightly based on the portal you start from.
1. Sign in to the Microsoft Entra admin center as at least a User Administrator.
2. Browse to Identity > Users > All users.
3. In the list, select the user's name to open their user profile.
4. (Optional) If the user wants to sign in using a different email:
   - Select the Edit properties icon.
   - Scroll to Email and type the new email.
   - Next to Other emails, select Add email. Select Add, type the new email, and select Save.
   - Select the Save button at the bottom of the page to save all changes.
5. On the Overview tab, under My Feed, select the Reset redemption status link in the B2B collaboration tile.
6. Under Reset redemption status, select Reset.
Use PowerShell or Microsoft Graph API to reset redemption status
Reset the email address used for sign-in
If a user wants to sign in using a different email:
- Make sure the new email address is added to the mail or otherMails property of the user object.
- Replace the email address in the InvitedUserEmailAddress property with the new email address.
- Use one of the methods below to reset the user's redemption status.
Note
- When you're resetting the user's email address to a new address, we recommend setting the mail property. This way the user can redeem the invitation by signing into your directory in addition to using the redemption link in the invitation.
- For app-only calls, the redemption status can't be reset if there are any roles assigned to the target user account.
Use PowerShell to reset redemption status
Install-Module Microsoft.Graph
Connect-MgGraph -Scopes "User.ReadWrite.All"
$user = Get-MgUser -Filter "startsWith(mail, 'john.doe@fabrikam.net')"
New-MgInvitation `
    -InvitedUserEmailAddress $user.Mail `
    -InviteRedirectUrl "https://myapps.microsoft.com" `
    -ResetRedemption `
    -SendInvitationMessage `
    -InvitedUser $user
Use Microsoft Graph API to reset redemption status
To use the Microsoft Graph invitation API, set the resetRedemption property to true and specify the new email address in the invitedUserEmailAddress property.
POST https://graph.microsoft.com/v1.0/invitations
Authorization: Bearer eyJ0eX...
Content-Type: application/json

{
    "invitedUserEmailAddress": "<<external email>>",
    "sendInvitationMessage": true,
    "invitedUserMessageInfo": {
        "messageLanguage": "en-US",
        "ccRecipients": [
            {
                "emailAddress": {
                    "name": null,
                    "address": "<<optional additional notification email>>"
                }
            }
        ],
        "customizedMessageBody": "<<custom message>>"
    },
    "inviteRedirectUrl": "https://myapps.microsoft.com?tenantId=",
    "invitedUser": {
        "id": "<<ID for the user you want to reset>>"
    },
    "resetRedemption": true
}
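
An added example (not from the original article): a Python pre-flight check that enforces the preconditions described above before the invitation request is sent, then builds the request body. The function name, its parameters, the case-insensitive email comparison and the sample user object are assumptions made for illustration.

```python
"""Pre-flight checks for a redemption reset, run before POST /v1.0/invitations."""


def build_reset_invitation(user, new_email, role_assignments=(), app_only=False,
                           redirect_url="https://myapps.microsoft.com"):
    """Return the invitation body, or raise ValueError if a precondition fails.

    user: dict shaped like a Graph user object (id, mail, otherMails).
    role_assignments: directory roles held by the user (hypothetical input,
        fetched separately by the caller).
    """
    wanted = new_email.strip().lower()
    if not wanted or "@" not in wanted:
        raise ValueError("new email is empty or malformed")

    # The new address must already be on the user object (mail or otherMails).
    # Assumption: addresses are compared case-insensitively.
    known = [user.get("mail") or ""] + list(user.get("otherMails") or [])
    if wanted not in {a.strip().lower() for a in known if a}:
        raise ValueError("add the new email to mail or otherMails first")

    # Note in the article: app-only calls fail if the target holds any role.
    if app_only and role_assignments:
        raise ValueError("app-only reset blocked: user has %d role(s) assigned"
                         % len(role_assignments))

    # New address goes in invitedUserEmailAddress; the reset targets the
    # existing object ID, so group memberships and app assignments are kept.
    return {
        "invitedUserEmailAddress": new_email.strip(),
        "sendInvitationMessage": True,
        "inviteRedirectUrl": redirect_url,
        "invitedUser": {"id": user["id"]},
        "resetRedemption": True,
    }


# Constructed sample user object (not real data).
SAMPLE_USER = {
    "id": "00000000-0000-0000-0000-000000000001",
    "mail": "john.doe@fabrikam.net",
    "otherMails": ["john.doe@contoso.example"],
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_reset_invitation(SAMPLE_USER, "John.Doe@contoso.example"), indent=2))
```

Failing early on these checks keeps a reset from being issued for an address that was never recorded on the user object, which is the step that rebinds the existing memberships and app assignments to a new sign-in identity.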