Teams guest invitation process

Brass Contributor

I'm working on creating a Teams app for inviting external guests to a team using graph API. As part of the process I'm doing the following:

 

1. Submit a form for adding a guest by providing a guest email address

2. Send an Invite to the guest using create invite api with a redirect url of teams.microsoft.com

3. Immediately add the guest user to the team

4. The guest gets a invitation url in their email

 

Once the guest clicks the invitation URL, the verification process is completed and they are prompted to create a new microsoft account. Until this point everything works fine. After this, a message is generated asking the user to create a free Teams account. If they proceed further, they land up in their own new organization and are not able to join the organization for which they were invited for. 

 

What could be the problem here?

10 Replies

Wanted to give a more deeper perspective on this problem based on the recent behavior observed.

The invite redemption email seems to be similar between the ones sent through graph api and through the Teams desktop app (while adding the guest through the manage team->add member dialog). However the behavior is different when the url in the email is clicked as seen below:

Teams APP: The user is taken through the following process:

- Email Verification (via verification code)
- Microsoft account creation & verification (via verification code)
- Automatic linking of microsoft account to Teams account

Graph API: Here the steps are slightly different

- Email verification
- Microsoft Account creation
- Teams account creation - this is an extra step when redeeming the url from the API. Here the guest is forced to create a new Teams account with a new organization. Eventually when you end up creating a team account, you end up in your own organization than the one you were invited to.

Has anyone seen this behavior?

Guys,

Can someone help me on this pls? I'm having a tough time making this work.
It sounds like the user is clicking the link in the first email - which accepts their B2B guest invite, then redirects them to teams.microsoft.com.

Try redirecting them to somewhere else, like myapps.microsoft.com - then when you have added them to the Team, they get the welcome email from Teams - that link is direct to the correct Team in your tenant (whereas the other redirect is to teams.microsoft.com - which would take them into their own tenant if they have 365, or to the 'free' Teams if not.

@eynarain  As a Test, did you try using your personal email address to try it on a Home/Outside PC?

Yes, I did but the results are the same.

@Rob Ellis Thanks. I tried changing the redirect URL to myapps.microsoft.com but now it's giving me an access denied error just before opening Teams.

does your guest user receive an email about being added to the Team?

@Rob EllisYes, they do. The problem happens after the guest clicks the invitation link and proceeds with the guided process.

so to clarify - the user gets 2 emails:

1 which the click the link and that accepts and then redirects to myapps

2 which is the 'you've been added to Team X' email - with a link to that team.

If the user clicks the link in the first email, but does not click the link in the 2nd email yet - do you see them as a guest user in portal.azure.com ?

@Rob EllisThere is just one email for the invitation. While the guest is invited and is visible in the o365 portal, it takes a while to appear in Teams. I confirmed with Microsoft that this is the default behavior and take up to 24hrs for the sync to happen. The invitation redemption process is just not smooth. Sometime we get reports from clients that it's going in an endless verification loop and in some cases 2-3 times and finally lets them in. Finally, adding more fuel to fire, if the guest is already signed to another teams, things get a bit complicated. In any case for now we've decided to live with this. Thanks for your help.