Guest User Access to an Identity portal

Hi,

I have two dev tenants and am doing some proof-of-concept work on Defender for Identity.

I have a guest user (from tenant 1) in tenant 2, and that user needs to be able to access the identity portal for tenant 2.

So I use the following URL - https://portal.atp.azure.com/?tid=<tenant 2 id>

I select the guest user account and it states the user doesn't have the correct permissions.

I have added that user to the newly created AAD group 'Azure ATP <tenant id> user'. Plus the user has 'Security Operator' and 'Azure Sentinel Responder' on tenant 2.

Is something else required to allow this guest user access?

Any help would be much appreciated.

Regards,

Tim

1 Reply
The URL you are using with the tid parameter will try to navigate you to the tenant's workspace, and not to a specific workspace. The guest user must not have permissions to its own tenant's workspace, thus failing to get it.
To log in to the workspace where it has permissions, you need to navigate to the workspace URL first by its name, like tenant2.atp.azure.com