Forum Discussion

gojo12's avatar
gojo12
Brass Contributor
May 27, 2021
Solved

Find all users in my tenant who are invited as guest in another tenant

Hello,   as the discussion subject states, I would like to know, which users in my own tenant are invited in other tenants as guest user (e.g. invited in other tenants' teams). Is there any option...
Access Management
Azure Active Directory (AAD)
  • souravmishra-msft's avatar
    souravmishra-msft
    May 28, 2021

    Hello @GottfriedJocham, I did some lookup and it looks like what you can do here is call the following REST API "https://management.azure.com/tenants?api-version=2020-01-01" and get list of the tenants that a user is a part of (in other words, where the user is added as guest user). One thing to note here is that this API requires a delegated permission (user permission) and how it works is, it would only shows the tenants of the user who has currently logged in and called this API with an access-token that was issued on behalf of that user.

     

    For eg: If User-A logs in to your app that calls this API, then after user-A logs in and then AAD issues an access-token to the app on behalf-of User-A. When the app uses that access-token and calls the api “https://management.azure.com/tenants?api-version=2020-01-01”, then all the tenants that User-A is part of (added as guest user) would get listed.


    To read more on this API, please refer: https://docs.microsoft.com/en-us/rest/api/resources/tenants/list

souravmishra-msft's avatar
souravmishra-msft
Icon for Microsoft rankMicrosoft
May 28, 2021
Hello @GottfriedJocham, I am looking into this and let me get back to you on this.
souravmishra-msft's avatar
souravmishra-msft
Icon for Microsoft rankMicrosoft
May 28, 2021

Hello @GottfriedJocham, I did some lookup and it looks like what you can do here is call the following REST API "https://management.azure.com/tenants?api-version=2020-01-01" and get list of the tenants that a user is a part of (in other words, where the user is added as guest user). One thing to note here is that this API requires a delegated permission (user permission) and how it works is, it would only shows the tenants of the user who has currently logged in and called this API with an access-token that was issued on behalf of that user.

 

For eg: If User-A logs in to your app that calls this API, then after user-A logs in and then AAD issues an access-token to the app on behalf-of User-A. When the app uses that access-token and calls the api “https://management.azure.com/tenants?api-version=2020-01-01”, then all the tenants that User-A is part of (added as guest user) would get listed.


To read more on this API, please refer: https://docs.microsoft.com/en-us/rest/api/resources/tenants/list

  • gojo12's avatar
    gojo12
    Brass Contributor
    May 28, 2021

    Thank you souravmishra-msft!
    In other words, I need to develop an app that calls that API with the user's delegated permission or am I wrong?
    This requires each user to once call my app or did I missunderstood something here?

     

    best regards

    Gottfried

    • souravmishra-msft's avatar
      souravmishra-msft
      Icon for Microsoft rankMicrosoft
      May 29, 2021
      @GottfriedJocham, you are absolutely correct.

Resources