Azure AD Guest invite link not working correctly

Jim Love 41 Reputation points
2021-07-20T10:47:09.373+00:00

We're trying to invite a user as a guest to our tenant. We have done this successfully for other tenants, including during investigating this particular issue, and it generally does work everywhere else.

Instead of getting the redemption dialog that explains that our tenant will get access to their email address, with the Cancel / Accept buttons, the user is presented with a login box, pre-populated with their email address, but with OUR tenant's branding on it - it appears the invitation redeem link is asking the user to log into our tenant rather than their home tenant.

When they enter their username and password they get red text informing them that their account is blocked for sign in. Presumably because it's trying to authenticate against our tenant and not the user's home tenant.

I have reproduced this by asking the user to forward me the email and opening it in an InPrivate Browsing window.

The customer's tenant identities are synced with Azure AD Connect with PTA (from what it appears, I have limited access to their tenant using an account we use to support them).

We have deleted the guest user entry completely from our Azure AD tenant and re-invited, but the same issue occurs.

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

Accepted answer
  1. James Hamil 21,546 Reputation points Microsoft Employee
    2021-07-21T21:30:34.8+00:00

    Hi @Jim Love, we'll need to take a look at your environment in order to figure this out. Please send an email to "azcommunity@microsoft.com" with subject "ATTN: James Hamil" with your subscription ID. I can set you up with a free support ticket. Please let me know if you have any questions.

    Best,
    James

    1 person found this answer helpful.

1 additional answer

  1. Mark E 161 Reputation points
    2021-07-21T21:36:39.55+00:00

    Have seen something similar to this before as the guest user was on a machine which was part of another 365/AAD domain and was effectively overriding the guest authentication process.
    Have you tried opening it on a device which is not part of any domain to rule out a policy issue?

    1 person found this answer helpful.