Lotusmail1
Dec 22, 2022, Copper Contributor
Different identity issuer assigned to guest account
Hello there, I have been noticing that a few of my guest accounts have a different identity issuer assigned. Some say "Mail" and some say "ExternalAzureAD" or sometimes "XXX.onmicrosoft.com". I ca...
VasilMichev
Dec 22, 2022, MVP
It's used by the new "one-time passcode" invite type, where identity verification happens over email, kinda.
Read here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode
- Lotusmail1, Dec 22, 2022, Copper Contributor
Hello Vasil,
Thank you for your quick response. The authentication type assigned for this particular domain/organization was Azure AD per connected org, not EOTP (email one-time passcode), and in fact another account from the same domain/organization was assigned ExternalAzureAD for its identity issuer. I don't understand why, despite coming from the same domain/organization, they have a different Identity Issuer. Any thoughts about this? Let me know please. Thanks! Your input is greatly appreciated.
- MikeCrowley, Feb 08, 2024, Iron Contributor
Perhaps those users were created prior to this change?
To improve external sharing, in October 2021, Microsoft plans to turn on https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode by default for all tenants. Like the current ad-hoc sharing, the new mechanism features one-time passcodes. The big difference is that successful authentication results in the automatic creation of Azure AD guest accounts for external users.
https://office365itpros.com/2021/08/17/sharepoint-online-embraces-azure-b2b-collaboration-external-sharing
I realize this is an old post, but I kept circling back to it in a search, so I figured I'd add detail for others.
Or perhaps the allowExternalIdToUseEmailOtp value was toggled (from Vasil's article).
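To check the suggestions in this thread against a tenant's own data, the sketch below (an added example, not part of any post above) groups guests by mail domain and reports the domains whose guests carry more than one identity issuer, with creation dates per issuer. The input is constructed sample data shaped like a Microsoft Graph `users` response with `mail`, `createdDateTime` and `identities` selected; the function names and sample domains are illustrative.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like a Microsoft Graph response to
# GET /users?$filter=userType eq 'Guest'&$select=mail,createdDateTime,identities
SAMPLE = json.loads("""
{"value": [
 {"mail": "ana@fabrikam.example", "createdDateTime": "2021-06-03T09:12:00Z",
  "identities": [
   {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com"},
   {"signInType": "federated", "issuer": "ExternalAzureAD"}]},
 {"mail": "raj@fabrikam.example", "createdDateTime": "2022-11-30T15:40:00Z",
  "identities": [
   {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com"},
   {"signInType": "federated", "issuer": "mail"}]},
 {"mail": "li@northwind.example", "createdDateTime": "2022-02-14T08:00:00Z",
  "identities": [{"signInType": "federated", "issuer": "ExternalAzureAD"}]},
 {"mail": null, "createdDateTime": "2022-05-01T10:00:00Z", "identities": []}
]}
""")

def external_issuers(user):
    """Issuers recorded on a guest, excluding the resource tenant's own entry.
    Assumption: that entry is the one with signInType 'userPrincipalName'."""
    return sorted({i["issuer"] for i in user.get("identities") or []
                   if i.get("signInType") != "userPrincipalName" and i.get("issuer")})

def mixed_issuer_domains(users):
    """Map mail domain -> {issuer: [createdDateTime, ...]} where issuers differ."""
    by_domain = defaultdict(lambda: defaultdict(list))
    for u in users:
        mail = u.get("mail") or ""
        if "@" not in mail:
            continue  # no mail attribute, so there is no domain to group on
        domain = mail.rsplit("@", 1)[1].lower()
        for issuer in external_issuers(u) or ["(none)"]:
            by_domain[domain][issuer].append(u.get("createdDateTime") or "")
    return {d: {k: sorted(v) for k, v in iss.items()}
            for d, iss in by_domain.items() if len(iss) > 1}

if __name__ == "__main__":
    for domain, issuers in mixed_issuer_domains(SAMPLE["value"]).items():
        print(domain)
        for issuer, created in issuers.items():
            print(f"  {issuer}: {created}")
```

If every `mail`-issuer guest in a mixed domain was created on one side of a single date, that is consistent with a setting change around that date rather than a per-user difference.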