Jul 01 2018
- last edited on
Jul 27 2020
Team, I found something which might be obvious as per the product design, but for some reason I am unable to understand the purpose of getting a mailbox provisioned for guest users in live database.
Step 1 ) - A guest user is invited. (from any platform gmail, yahoo, etc)
Step 2) - User will accept the invitation.
- In the process of the user accepting the invitation.
- The users will be redirected to the invitation portal with referencing the tenant id,
If the live database is already aware of this account, the request gets completed with the consent prompt à Expected behaviour.
Now let’s consider, I am not using an outlook,Hotmail,live account.
For testing purpose I used a gmail account:- firstname.lastname@example.org.
The moment I clicked on get started I was redirected to https://signup.live.com
And below mentioned is the prompt that I received à obvious as we need an identity.
Once I clicked on yes, it asks me to create a password à which is also obvious since there is a new account getting created in live database.
Now since the account is created a consent prompt will appear from invitations portal to access the information from live database.
Everything is working as expected.
Now the concern is, If I am using a Gmail account with a upn of email@example.com.
With the same UPN an account is created is live database and if I go to outlook.com, I can sign in with my new account that is created and send emails.
I am not sure if this should be a part of invitation process.
But I want to verify that whether MSA mailbox getting associated with a gmail id that exists in live database is required or not.
If it is required what is the purpose of this mailbox.
Instead there should be a prompt which user should approve or deny before a mailbox is provisioned.
If we think from security prospective there should be no mailbox provisioned for the user in live database if he/she is using a gmail, yahoo or any other service provider.
Aug 29 2018 05:36 AM
The answer to my question was recently added to Azure AD.