Different identity issuer assigned to guest account
Hello there,
I have been noticing that a few of my created guest accounts have different identity issuers assigned. Some say "Mail" and some say "ExternalAzureAD" or sometimes "XXX.onmicrosoft.com". I cannot find any information about the "Mail" identity issuer, though. Is this somehow connected with MSA (Microsoft) as the IDP service and not Azure AD? I read an article about the different types of external identity issuers per Microsoft documentation, but not once was the Mail identity issuer mentioned. Any help, guidance or information is greatly appreciated. Thanks and have a great day!
- It's used by the new "one-time passcode" invite type, where identity verification happens over email, kinda.
Read here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode
3 Replies
- Lotusmail1, Copper Contributor
Hello Vasil,
Thank you for your quick response. The authentication type assigned for this particular domain/organization was Azure AD per connected org, not EOTP (email one-time passcode), and in fact another account from the same domain/organization was assigned ExternalAzureAD for its identity issuer. I don't understand why, despite coming from the same domain/organization, they have different identity issuers. Any thoughts about this? Let me know please. Thanks! Your input is greatly appreciated.
- MikeCrowley, Iron Contributor
Perhaps those users were created prior to this change?
To improve external sharing, in October 2021, Microsoft plans to turn on https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode by default for all tenants. Like the current ad-hoc sharing, the new mechanism features one-time passcodes. The big difference is that successful authentication results in the automatic creation of Azure AD guest accounts for external users.
https://office365itpros.com/2021/08/17/sharepoint-online-embraces-azure-b2b-collaboration-external-sharing
I realize this is an old post, but I kept circling back to it in a search, so I figured I'd add detail for others.
Or perhaps the allowExternalIdToUseEmailOtp value was toggled (from Vasil's article).
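
An added example, not part of any post in this thread: one way to list the domains whose guests carry different identity issuers, with each guest's creation date, so the "created prior to this change" explanation can be checked against the data. It runs on a constructed sample; the field names (`mail`, `createdDateTime`, `identities` with `signInType` and `issuer`) are assumed to match the Microsoft Graph user object, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Microsoft Graph "list users" response for
# guests; the domains, names and dates are made up for illustration.
SAMPLE = json.loads("""
{"value": [
 {"mail": "ann@partner.example", "createdDateTime": "2021-06-02T10:00:00Z",
  "identities": [{"signInType": "federated", "issuer": "ExternalAzureAD"}]},
 {"mail": "bob@partner.example", "createdDateTime": "2021-11-15T09:30:00Z",
  "identities": [{"signInType": "federated", "issuer": "mail"}]},
 {"mail": "cy@other.example", "createdDateTime": "2021-12-01T08:00:00Z",
  "identities": [{"signInType": "userPrincipalName", "issuer": "XXX.onmicrosoft.com"},
                 {"signInType": "federated", "issuer": "mail"}]},
 {"mail": null, "createdDateTime": "2022-01-05T12:00:00Z", "identities": []}
]}
""")

def issuers_by_domain(users):
    """Map mail domain -> issuer -> [(createdDateTime, mail)], oldest first."""
    table = defaultdict(lambda: defaultdict(list))
    for u in users:
        mail = (u.get("mail") or "").lower()
        if "@" not in mail:
            continue  # no usable address to group on
        domain = mail.rsplit("@", 1)[1]
        for ident in u.get("identities") or []:
            # Assumption: the userPrincipalName entry is the home-tenant
            # record, not the external issuer, so it is skipped.
            if ident.get("signInType") == "userPrincipalName":
                continue
            issuer = (ident.get("issuer") or "unknown").lower()
            table[domain][issuer].append((u.get("createdDateTime") or "", mail))
    return {d: {i: sorted(v) for i, v in iss.items()} for d, iss in table.items()}

def mixed_issuer_domains(users):
    """Domains whose guests do not all share one identity issuer."""
    return {d: iss for d, iss in issuers_by_domain(users).items() if len(iss) > 1}

if __name__ == "__main__":
    for domain, issuers in mixed_issuer_domains(SAMPLE["value"]).items():
        print(domain)
        for issuer, guests in sorted(issuers.items()):
            for created, mail in guests:
                print(f"  {issuer:16} {created}  {mail}")
```

Issuer names are lower-cased before comparison, so "Mail" and "mail" count as the same issuer.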