Apr 17 2018
07:24 PM
- last edited on
Feb 01 2023
09:35 AM
by
TechCommunityAP
Apr 17 2018
07:24 PM
- last edited on
Feb 01 2023
09:35 AM
by
TechCommunityAP
I have a domain zippysoft.us with the "default" admin and two guest (B2B) users. One of them is my gmail account. That user is a global admin, the domain has no restrictions on guest users, and he has an office 365 license assigned to him. He can sign into the azure portal just fine and manage the AzureAD stuff for the zippysoft.us domain.
However if I try to sign in to portal.office.com I get an error:
I discovered the userPrincipalName of the B2B user is [REDACTED]_gmail.com#EXT#@zippysoftus.onmicrosoft.com. I can enter that and get a password prompt, but the password for my microsoft account associated with my gmail account does not work.
I can certainly try the password reset option and see if I can get a "local password" associated with this account, but that would completely get rid of the whole federated authentication I'm trying to achieve.
Apr 17 2018 10:22 PM
Apr 17 2018 11:00 PM
You cannot login directly as a Guest user to any O365 resources, you have to use your "home tenant" credentials. Which also means that you cannot access pages such as the admin portal.
Jan 30 2020 04:32 AM
@Vasil Michev , is this still the case today?
We're outsourcing the servicedesk and so they need certain admin access to be able to do their work. I don't really want to create named accounts for all their engineers in our tenant so was hoping to invite them on their azurad identity (b2b) but then they cannot access the admin portal(s).
I know about delegated admin but I don't want to give all their helpdesk guys global admin access on our tenant....
Jan 30 2020 08:25 AM
Last time I played with this, I was able to assign a mailbox and even grant admin rights to a Guest users, however I'm yet to see any documentation that mentions this as a supported scenario.