Authenticate with user from another tenant?


We have a situation where several of our users need to work logged in with the accounts that they have with some of our clients (i.e. on our clients' O365 - not ours). This means that in order to gain full access to our internal resources they need to switch between client account and internal account.

 

Many find this really awkward and time-consuming.

 

The best thing for us would be to be able to create accounts in our AAD that mirror the permissions of their internal accounts - but use the client account for authentication and thus enabling access to all features in both environments at the same time?

 

Is there any way to achieve this (or something similar)?

 

If not, what is best practice for users who need to work with two or more O365 tenants simultaneously?

 

2 Replies

@Erik Wettergren At the moment your requirement cannot be met. Microsoft handles guest accounts on a tenant differently to a tenant account. This is VERY obvious when you sign into a SharePoint site with both a guest and tenant account (even when both accounts have the same access rights).

 

At the moment what we do is to create two user profiles in a well-known web browser that rhymes with dome. Doing this you can separate the two identities on a browser level. This only works if you are predominantly using web-based tools. For desktop applications it will not work.

Thanks Jacobus!

I think most of my colleagues are trying to get by using their browsers in incognito/private mode to log into our tenant, when already logged in to clients' O365. But a hassle-free switch between accounts in the desktop apps would be ideal.