One-time passcode authentication question

We've had a few users report that guests they've invited to groups, teams or sites were prompted for a code to sign in (as described here: One-time passcode authentication for B2B guest users - Azure AD - Microsoft Entra | Microsoft Learn).

In the past, guests needed a Microsoft account of some kind to authenticate. Some complained about this, but at least it was a known quantity and the behavior was predictable.

Now, it seems that if there is an MSA (M365, Live.com, Outlook.com, etc.) associated with the email address used to invite them, they are prompted to sign in with that account.

If there is not an MSA connected to that email, then sometimes they are prompted for a code, but sometimes they are prompted to create an MSA. There doesn't seem to be any rhyme or reason, but we haven't tested very extensively.

So, the question is: is this normal? I understand that we could disable the one-time passcode authentication, but there are absolutely some valid use cases for it, so we'd rather not. I just want to understand what the expected behavior is so we know how to handle questions or issues that users report.

1 Reply
Email OTP in AAD is enabled by default now. This is how it works: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode

When sharing sites as opposed to files and folders an MS account will be needed (at least that's how it's been).
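An added example (not from this thread or from Microsoft) of how an admin could confirm the tenant setting the reply refers to before answering user tickets. It assumes the Microsoft Graph resource `policies/authenticationMethodsPolicy/authenticationMethodConfigurations/Email` returns the `state` and `allowExternalIdToUseEmailOtp` fields used below, that a token with the `Policy.Read.All` scope is available in `GRAPH_TOKEN`, and that the value `default` means enabled (as the reply states); the sample response is constructed.

```python
"""Report whether invited guests can redeem invitations with an email OTP."""
import json
import os
import urllib.request

# Assumed Graph endpoint for the email authentication method configuration.
GRAPH_URL = ("https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy"
             "/authenticationMethodConfigurations/Email")

# Constructed sample response; field names follow the assumed Graph resource.
SAMPLE_CONFIG = json.loads("""{
  "id": "Email",
  "state": "enabled",
  "allowExternalIdToUseEmailOtp": "default"
}""")


def guest_otp_allowed(config: dict) -> bool:
    """True when external guests may sign in with an email one-time passcode.

    Assumption: the method must be enabled, and "default" counts as enabled
    for external identities (email OTP is on by default, per the reply).
    """
    if config.get("state") != "enabled":
        return False
    return config.get("allowExternalIdToUseEmailOtp", "default") in ("default", "enabled")


def describe(config: dict) -> str:
    """One-line summary an admin can reuse when answering a user question."""
    if guest_otp_allowed(config):
        return ("guest email OTP: ON (state=%s, external=%s); guests without a "
                "Microsoft account may be prompted for a code"
                % (config.get("state"), config.get("allowExternalIdToUseEmailOtp")))
    return "guest email OTP: OFF; guests will need a Microsoft or Azure AD account"


def fetch_config(token: str) -> dict:
    """Read the live setting (assumed to require the Policy.Read.All scope)."""
    req = urllib.request.Request(GRAPH_URL, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    token = os.environ.get("GRAPH_TOKEN")
    # Without a token, evaluate the constructed sample so the script runs offline.
    print(describe(fetch_config(token) if token else SAMPLE_CONFIG))
```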