A colleague of mine is trying to get access to Microsoft Teams (guest access). When she tries to log into the client tenant she gets a dialog box asking for username and password (see attachement). she's tried her company / client email address with no luck.
Looks like she's hitting the company's own AD FS server, and the only way she can authenticate against it is if she has a regular user account. Advise her to try to access the Team in a private browser session instead.
yeah Teams and guest access are no fun right now. If they have office 365 tenant on the address you invite as a guest, the client wants to default to their local tenant first before redirecting to the guest tenant. If teams is prevented in any way on their home tenant you won't be able to join a tenant as a guest.
My advice and what I've been using if I can't get people into my Team on first try due to login issues or work / personal overlap issues, I have the user just create or use a different Microsoft Account and invite it to your Team. At least until they fix this issue.
I recently was tasked with troubleshooting this, and despite what the other say, got it to work where the user authenticates against their org's Azure ID/Office365 ID. In my test cases, this was achieved by acknowledging the invite basically in a browser private session at first, which then should allow them to get to an authentication process that sets up some sort of 'federation' from what I can tell. THat process has to complete via authenticating as the 'email' that was invited. if your login ID is a upn different than the email, it won't work.
I tested this with both personal MS accounts, and an office365 tenant.
To break it down:
if invitee is on authenticated windows device:
Login to owa/outlook.com in a private browser, none chrome window.
Click the teams link in the window or copy & paste it & open it in another private tab.
Follow authentication/federation approval stuff.
If prompted to open teams client, it may pop up stuff about switching ID's.
This part is touchy, if your teams and desktop are integrated to Azure AD, so I wrote my documentation to tell users to try to complete in the private browser session.
Once that completes once, in the browser session, between the teams search & the Users ID icon, should be a pull down that switch's between each org.
Then they should be able to open the teams client as their main org, and should see the pull down.
Mac's actually follow this process easier.
And whats not easy is if you try to log out of teams on an authenticated windows machine, and login as another org's ID as primary.. The client barf's a high percentage of the time.