4

We're trying to invite users (including those from different ADs) to ours in order to give them access to our enterprise app. We are using the AD to manage the app's users and permissions.

We send them an email to join our AD as a guest user.

However, when they already have an Azure AD account connected to a local AD (that's federated), we don't have the permission to create an account on our side.

There are a few articles on this problem, including (resending invites till it works, asking them to add our organization to trusted, and creating our own account for them).

Our objective is to use their AD sign in for our apps as well. Is there an easy way, such as copying their AD profile or sending them a link that they have to simply click "Yes" without having to do much IT work on their side? Thank you!

Here's an example from a different post:

double-beep
Eiffel 65
  • Yeah these are a bit odd. I think it is something to do with their tenant, because I had a federated account before and I was able to join other tenants with that. For some reason it is trying to create an account instead of joining the existing one. Or it could be the user account doesn't exist in their tenant, but you are trying to invite one with their domain, which is marked as federated in their tenant. – juunas May 23 '19 at 04:57
  • @juunas Yeah I think so, looking into this more it seems like they have a local AD and an Azure AD setup but the specific user I was trying to invite doesn't have an Azure AD account - we can't create an Azure AD account for them basically... They have to give the user an Azure AD account. – Eiffel 65 May 24 '19 at 21:08

1 Answer

1

They have a local AD and an Azure AD setup, but the specific user I was trying to invite doesn't have an account in their Azure AD.

  • We can't create an Azure AD account for them
  • They have to give the user an Azure AD account
Eiffel 65