question

ssm3ll avatar image
0 Votes"
ssm3ll asked ·

Invite or add personal MS account to Azure AD

Hello. I have the following problem with Azure AD. I received invitation to join Azure AD. I was added as guest user as per https://docs.microsoft.com/en-us/answers/topics/azure-active-directory.html. but when I accept invitation it asks me to create business account instead of just add me there using my personal account.

55805-untitled.jpg

But when I try to redeem same invitation from other AD it successfully adds me using my personal account and new AD is listed on Azure Portal when I login using my personal account.

What I or AD admin should do to resolve the problem so I can be added using my personal account?

Best regards,
Stepan


azure-ad-b2cazure-ad-b2b
untitled.jpg (337.1 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarileeTurscak avatar image
0 Votes"
MarileeTurscak answered ·

It sounds like you might be having this problem because you are using the personal account. Even though the personal account is present in your AAD tenant, it still remains a personal account only and there are some limitations around it. You may need to use a work or school account instead.

A brief description of the difference between Work & School accounts (Organizational accounts) and Microsoft Accounts (Personal Accounts):

A work or school account is an identity created through Azure Active Directory or another Microsoft cloud service, such as Microsoft 365. A work account typically uses an organization’s custom domain name or company name, such as jon@contoso.com. These are created by an organization’s administrator to enable a member of the organisation access to Microsoft cloud services such as Microsoft Azure, Microsoft Intune or Microsoft 365.

A Microsoft account (MSA) is an account created by a user for personal use and is the new name for what used to be called “Windows Live ID”. The Microsoft account is the combination of an email address and a password that a user uses to sign in to all consumer-oriented Microsoft products and cloud services such as Outlook (Hotmail), Messenger, OneDrive, MSN or Xbox LIVE. Your Microsoft account is created and stored in the Microsoft consumer identity account system that is run by Microsoft.

Several AAD Services strictly require work or school account (aka Organizational Accounts) to work with, and it's possible that this is the case here. I would suggest that the admin creates a user in the AAD Tenant and once the user gets created, you will find that you have the userPrincipalName set as "user1@yourTenantName.onmicrosoft.com" and can access the tenant.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

bhanote avatar image
0 Votes"
bhanote answered ·

Hi StepanMelnichuk-8105, it looks like the scenario of Azure B2B & B2C. In the case of B2B, invite can be sent to any ID, but in order to access any resources in Azure AD, you need to have microsoft account or Azure AD supports external identity providers like Facebook, Microsoft accounts, Google, or enterprise identity providers. You can set up federation with identity providers so you can sign in with existing social or enterprise accounts instead of creating a new account just for new application. This is the reason when you are trying to redeem, it is asking you to create Microsoft Account because your account does not have federation.

However in case of B2C, you do not need to have Microsoft account and your personal account can be added.

Hope this helps, you can refer below URL for more info:-

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/user-properties


Thanks,
Ravi




·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ssm3ll avatar image
0 Votes"
ssm3ll answered ·

It's not a case to create AAD account. I just need to know how normally user can be added to AD and access it using his personal account.
Finally I was able to add my account to AD using DevOps. I was added to DevOps organization and I received invitation. When I try to use that link it still asks to create business account... but I directly open in browser DevOps organization link where I was logged in using my personal account and I was added to AD with my Microsoft Account.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

bhanote avatar image
0 Votes"
bhanote answered ·

StepanMelnichuk-8105, as per my knowledge which still need to be enhanced :) . If you want to add any external identity in AAD, then the way out is to send invitation and in that scenario, if it is b2b, then you have to have business account or Microsoft account to access the services. However in case of B2c, it can be personal ID.

Thanks,
Ravi

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ssm3ll avatar image
0 Votes"
ssm3ll answered ·

bhanote, my main question is about how can I manage that?

Example1:
- I use same personal MS account.
- I was added to Tenant/AD #1 and I follow invitation link.
- It just adds me to AD without asking to create business account
- Follow above steps but for Tenant/AD #2
- It forces me to create business account

Is it something on AD side? How I can control it so I will be able to be added to Tenant/AD #2 using my personal account?

Example2:
- I use same personal MS account.
- We have DevOps connected to Tenant/AD #2
- I was added to DevOps organization users list
- I receive invitation link and when I follow it it asks me to create business account
- But when I try to access DevOps organization/project directly (DevOps project link) It adds me to AD using my personal account

It seems to be some random behaviour and I am trying to understand how it can be controlled.

Best regards,
Stepan















·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.