Logging into The office 365 portal as a B2B user

%3CLINGO-SUB%20id%3D%22lingo-sub-184023%22%20slang%3D%22en-US%22%3ELogging%20into%20The%20office%20365%20portal%20as%20a%20B2B%20user%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184023%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20domain%20zippysoft.us%20with%20the%20%22default%22%20admin%20and%20two%20guest%20(B2B)%20users.%20One%20of%20them%20is%20my%20gmail%20account.%20That%20user%20is%20a%20global%20admin%2C%20the%20domain%20has%20no%20restrictions%20on%20guest%20users%2C%20and%20he%20has%20an%20office%20365%20license%20assigned%20to%20him.%20He%20can%20sign%20into%20the%20azure%20portal%20just%20fine%20and%20manage%20the%20AzureAD%20stuff%20for%20the%20zippysoft.us%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20if%20I%20try%20to%20sign%20in%20to%20portal.office.com%20I%20get%20an%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20512px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F32501i54BEE3099F04BBEB%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%220FyJK6E%22%20title%3D%220FyJK6E%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EI%20discovered%20the%20userPrincipalName%20of%20the%20B2B%20user%20is%20%5BREDACTED%5D_gmail.com%23EXT%23%40zippysoftus.onmicrosoft.com.%20I%20can%20enter%20that%20and%20get%20a%20password%20prompt%2C%20but%20the%20password%20for%20my%20microsoft%20account%20associated%20with%20my%20gmail%20account%20does%20not%20work.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20502px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F32502iC816BA62A572840B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22DXEtfLU%22%20title%3D%22DXEtfLU%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EI%20can%20certainly%20try%20the%20password%20reset%20option%20and%20see%20if%20I%20can%20get%20a%20%22local%20password%22%20associated%20with%20this%20account%2C%20but%20that%20would%20completely%20get%20rid%20of%20the%20whole%20federated%20authentication%20I'm%20trying%20to%20achieve.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-184023%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%20B2B%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184055%22%20slang%3D%22en-US%22%3ERe%3A%20Logging%20into%20The%20office%20365%20portal%20as%20a%20B2B%20user%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184055%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20cannot%20login%20directly%20as%20a%20Guest%20user%20to%20any%20O365%20resources%2C%20you%20have%20to%20use%20your%20%22home%20tenant%22%20credentials.%20Which%20also%20means%20that%20you%20cannot%20access%20pages%20such%20as%20the%20admin%20portal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-184034%22%20slang%3D%22en-US%22%3ERe%3A%20Logging%20into%20The%20office%20365%20portal%20as%20a%20B2B%20user%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184034%22%20slang%3D%22en-US%22%3EHave%20you%20added%20your%20guests%20users%20to%20Office%20365%3F%20Please%2C%20review%20the%20following%20article%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-b2b-admin-add-users%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-b2b-admin-add-users%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-839453%22%20slang%3D%22en-US%22%3ERe%3A%20Logging%20into%20The%20office%20365%20portal%20as%20a%20B2B%20user%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-839453%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F138915%22%20target%3D%22_blank%22%3E%40Justin%20Dearing%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1139572%22%20slang%3D%22en-US%22%3ERe%3A%20Logging%20into%20The%20office%20365%20portal%20as%20a%20B2B%20user%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1139572%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%2C%20is%20this%20still%20the%20case%20today%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20outsourcing%20the%20servicedesk%20and%20so%20they%20need%20certain%20admin%20access%20to%20be%20able%20to%20do%20their%20work.%20I%20don't%20really%20want%20to%20create%20named%20accounts%20for%20all%20their%20engineers%20in%20our%20tenant%20so%20was%20hoping%20to%20invite%20them%20on%20their%20azurad%20identity%20(b2b)%20but%20then%20they%20cannot%20access%20the%20admin%20portal(s).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20about%20delegated%20admin%20but%20I%20don't%20want%20to%20give%20all%20their%20helpdesk%20guys%20global%20admin%20access%20on%20our%20tenant....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1140091%22%20slang%3D%22en-US%22%3ERe%3A%20Logging%20into%20The%20office%20365%20portal%20as%20a%20B2B%20user%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1140091%22%20slang%3D%22en-US%22%3E%3CP%3ELast%20time%20I%20played%20with%20this%2C%20I%20was%20able%20to%20assign%20a%20mailbox%20and%20even%20grant%20admin%20rights%20to%20a%20Guest%20users%2C%20however%20I'm%20yet%20to%20see%20any%20documentation%20that%20mentions%20this%20as%20a%20supported%20scenario.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

I have a domain zippysoft.us with the "default" admin and two guest (B2B) users. One of them is my gmail account. That user is a global admin, the domain has no restrictions on guest users, and he has an office 365 license assigned to him. He can sign into the azure portal just fine and manage the AzureAD stuff for the zippysoft.us domain.

 

However if I try to sign in to portal.office.com I get an error:

 

0FyJK6E

I discovered the userPrincipalName of the B2B user is [REDACTED]_gmail.com#EXT#@zippysoftus.onmicrosoft.com. I can enter that and get a password prompt, but the password for my microsoft account associated with my gmail account does not work.

DXEtfLU

I can certainly try the password reset option and see if I can get a "local password" associated with this account, but that would completely get rid of the whole federated authentication I'm trying to achieve.

5 Replies
Highlighted
Have you added your guests users to Office 365? Please, review the following article: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-admin-add-users
Highlighted

You cannot login directly as a Guest user to any O365 resources, you have to use your "home tenant" credentials. Which also means that you cannot access pages such as the admin portal.

Highlighted
Highlighted

@Vasil Michev , is this still the case today?

 

We're outsourcing the servicedesk and so they need certain admin access to be able to do their work. I don't really want to create named accounts for all their engineers in our tenant so was hoping to invite them on their azurad identity (b2b) but then they cannot access the admin portal(s).

 

I know about delegated admin but I don't want to give all their helpdesk guys global admin access on our tenant....

Highlighted

Last time I played with this, I was able to assign a mailbox and even grant admin rights to a Guest users, however I'm yet to see any documentation that mentions this as a supported scenario.