Problem with Google Accounts and Microsoft Teams

Occasional Contributor

I have set up Google as an IDP in Azure AD .  We have tested to invite gmail users to Sharepoint and it works wonders.


But when invited users try to open Teams in the browser. they get instantly logged out.  

Here is a video of the problem


Does someone know if its possible or has someone actually succeeded in to use google as an IDP for Guests in MIcrosoft Teams? or am i bashing my head into an impenetrable wall of my own creation?

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
11 Replies

From link below:

Your Google guest users must sign in using a link that includes the tenant context (for example,<tenant id> or<tenant id>, or in the case of a verified domain,<verified domain> Direct links to applications and resources also work as long as they include the tenant context. Guest users are currently unable to sign in using endpoints that have no tenant context. For example, using,, or the Teams common endpoint will result in an error.


Yeah, if there is no tenant context, you will just get "There is no account" .
So even though you are correct, this is not the solution i am afraid.
The login goes swimmingly, its just that Teams kicks me out, i also get the following error in Azure AD sign in log:
"Status: Failure
Error Code: 50085
Failure Reason: Refresh token needs social IDP login. Have user try signin-in again with username-password."

(which i have tried, different browsers, inkognito mode, cleared history etc)
Best Response confirmed by Jan Tibell (Occasional Contributor)
I don't think Teams supports currrently "direct" signin with Gmail accounts (This for sure is coming) so you need a MSA to be able to get the case of SPO it can be different due to the improvements in guest access done by the SPO and ODFB Team in the last months

So i have tested this thoroughly now.


If you have added Google as IDP in Azure AD then the following is true.

  • You can invite users with domain
  • The invited will be able to accept the invitation without creating an MSA account
  • The invited account will be able to access Sharepoint Online as a Guest
  • The Guest wont be able to log in without some tenant reference. 
  • The guest will be logged out as soon as they enter Teams

If you have enabled One-Time Passcode for guests (Preview)

  • You can invite users with a domain
  • The invited user has to log in as a guest using a code that is sent to the invited mail-address
  • The guest will be able to access sharepoint as a guest
  • The guest wont be able to log in without some tenant reference
  • The guest will be logged out as soon as they enter Teams


So i have now removed the google IDP. The ones that has used google IDP to accept the invitations will have to be removed, and reinvited. Issues will occur probably..


Right now its set up as default... and the process is as following

  1. user is invited
  2. They get directed to create a MS account with the same address
  3. They have to log in with the newly created MS account 
    1. Confusion will probably occur since they have two accounts with the same address that can have two different passwords
  4. They can go to and log in with the invited email address.   
  5. If the invited guest has been invited to multiple tenant, a switcher will show up in teams

Were you ever able to resolve this using the gmail federation rather than reverting back to using Microsoft accounts for Google users?  We're seeing the same behavior and I'd hate to roll back the Google federation feature.


I'm curious, did you try using the teams app instead of the web client?  I wonder if it would have behaved differently?


We're seeing it on both web and application......


The MS support crew reported is as not working iirc, i believe that it will be changed during april. Contact MS support to get the correct answer. 


We disabled it until its confirmed as working. 


@Juan Carlos González Martín - Several users at my company are experiencing intermittent issues with Gmail accounts, specifically when a meeting request is sent (whether it was created in Teams or Outlook).  When meeting request email is sent to users with Gmail accounts, often they are returned with the following error:

This is the mail delivery agent at Symantec Email I was unable to deliver your message to the following addresses:
Reason: 550-5.7.1 [ 14] Messages missing a valid address in From:
550 5.7.1 header, or having no From: header, are not accepted. m1si4208096qvb.184 - gsmtp


The screenshot is shown below. 
meeting invite to gmail returned.PNG

This occurs more times than not yet it is intermittent.  I have had no issues with emails going to emails.  Do we need to avoid Gmail user accounts for guest access moving forward?


@Jan Tibell I added my gmail account as a guest but it authorises access against the hotmail account used as a backup email address. 


I keep going in circles with Teams re-authorising my access but never letting the gmail account in to either the web or Teams app.


Additional problems arise when the backup hotmail address is used in other MS contexts - the bleed through from one account to another is horribly confusing. 


If the guest accounts don't work then Teams fails as a useful tool for many of our important collab cases.


@mikemq - Since I originally posted, I have noticed gmail accounts have behaved intermittently in regards to if the user receives the "You have been added to a Teams site" email. Lately it seems to have gotten better and I have not heard of one of my users who failed to get the invite email from Teams.