Self-Service Azure AD Error


Hi,

I've created a few SharePoint sites, & added guest users. That was fine. However, one user has come into a problem I've no idea how to solve. When attempting to access the site by signing in/creating their account, they receive the following:

We cannot create a self-service Azure AD account for you because [site address] has disabled self-service account sign-up by email validation. Ask [site address]'s admin to enable EmailVerified users or create an account for you.

However, my Azure Active Directory settings look fine to me:

[Screenshot: 1122334455.png]

Any ideas? Is this something the person I'm inviting has to get their Admin to edit? Or should I enable the Email One-Time Passcode - though by the sounds of it, that's a "Guests never gain permanent access, just temporary 24-hour slots requiring new codes each visit".

5 Replies

They should not be creating an account, but logging in with the one you added as guest user. Have they redeemed the invitation?

@Vasil Michev You have me confused.

Within Outlook -> Group -> Group Settings -> Add Members, I have invited him/her as a Guest.

I can see within Azure AD the Name, UserName, Type & Source read [email], [email], Guest & Invited User.

What more should I be doing, as I've completed your objective?

When I say "creating", what I mean is, when a non-Microsoft User is invited, they'll need to create a pseudo-Microsoft account when 1st logging in when accessing the Invitation Link; i.e. input a new password. It is here, I believe, where they're being barred entry when attempting to redeem their invitation.

I'm with you, but if they are creating a "pseudo-Microsoft" account they should not be running into such errors. More specifically, the error message suggests that the AllowEmailVerifiedUsers setting is set to false, which can only be done for actual O365 tenants. So either he is using an account associated with another O365 tenant, or maybe he has signed up for some of the free services (Teams free, Flow Free, etc.) which has resulted in a tenant being created.

Here's a similar thread we had here on the MTC a while back: https://techcommunity.microsoft.com/t5/Microsoft-Teams/Select-guests-unable-to-join-team-Azure-AD-pu...

And the documentation on the parameter in question: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-self-service-si...
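
The check described in the reply above, as an added example that is not part of the thread or any poster's code. It is run by an admin of the invited user's home tenant (the one that owns the guest's email domain), and it assumes the legacy MSOnline PowerShell module is installed; the function name `Get-SelfServiceSignupState` is hypothetical.

```powershell
# Added example: inspect the self-service sign-up switches in the tenant
# that owns the guest's email domain. Assumes the MSOnline module.
Import-Module MSOnline
Connect-MsolService   # sign in as an admin of the guest's home tenant

function Get-SelfServiceSignupState {
    # Hypothetical helper: returns only the settings relevant to the error.
    $info = Get-MsolCompanyInformation
    [pscustomobject]@{
        Tenant                  = $info.DisplayName
        AllowEmailVerifiedUsers = $info.AllowEmailVerifiedUsers
        AllowAdHocSubscriptions = $info.AllowAdHocSubscriptions
    }
}

$state = Get-SelfServiceSignupState
$state | Format-List

if ($state.AllowEmailVerifiedUsers -eq $false) {
    Write-Warning ("Email-verified sign-up is disabled in '{0}'. A user of this " +
        "domain with no account here cannot have one created by redeeming an " +
        "invitation from another tenant.") -f $state.Tenant

    # Two ways to resolve it; choose according to the tenant's own policy:
    #  1. Keep the setting and create an account for the user in this tenant.
    #  2. Allow email-verified users to join the directory:
    # Set-MsolCompanySettings -AllowEmailVerifiedUsers $true
}
```

The `Set-MsolCompanySettings` line is left commented out because enabling it lets any user who can verify an address in the tenant's domains join the directory, which is a policy decision for that tenant's admin.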

@Vasil Michev Thanks for the response. But then, if he's signed up for some free services / using an account associated with another O365 tenant, how do I resolve that? Perhaps by accessing my Site/Links via Incognito/Private Viewing mode?
I can't say I'm even aware what the key term Tenant represents (though I'll look into it now..)

Checking via Private session is always a good test, so let him try that. And "tenant" here means an organization registered with Microsoft. Problem is, end users can unintentionally register a tenant by signing up for one of the free services. If this is the case, then a "takeover" process must be initiated, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/domains-admin-takeover

In any case, you can always contact support for assistance on this.