How to invite external users to Azure AD

Inviting guest users and having them log in with SSO seems to work only with a dedicated OpenID Connect configuration, not with the common Azure AD IdP.

If your organization is configured with Single Sign On via Azure AD, there are two ways of inviting users to log in. You can create a user account in your directory: that account is a first-class citizen of your domain, gets the user type Member, and logs in as username@yourprimarydomain. Alternatively, you can invite an external user to your AAD: that user gets the user type Guest and logs in with their external email address.

To invite an external user, choose the “Invite external user” option in AAD.

You will then be asked to enter the name and email address of the user you want to invite. The login experience for the invited user depends somewhat on which email provider is behind that address.

The invited user will get an email from Microsoft (on behalf of your organization) where they are asked to activate their account.

After activating their account in your AAD, they should be able to sign in to Talentech with their email address, just like your regular AAD members.

This approach works for most email addresses, but for some domains you might see the message “We couldn't find an account with that username. Try another, or get a new Microsoft account.” on the AAD login page. This can be fixed by using the manual OpenID Connect setup for SSO instead of the Talentech Marketplace app.
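Once guests have been invited, an administrator will want to see which invitations are still waiting for activation and which external domains have access. The following Python script is an added example, not code from the original article or from Talentech: it queries Microsoft Graph for guest users (assuming you supply an access token that carries the User.Read.All permission), recovers each guest's external address from the UPN Azure AD assigns, and summarises pending invitations; the sample records are constructed to mirror the shape of a Graph response.

```python
"""Audit the guest users in an Azure AD tenant via Microsoft Graph."""
import json
from collections import Counter
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

# Real Graph endpoint: $filter keeps only guests, $select limits the fields.
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
GUEST_QUERY = urlencode({
    "$filter": "userType eq 'Guest'",
    "$select": "displayName,mail,userPrincipalName,externalUserState",
}, quote_via=quote)

# Constructed sample shaped like the "value" array of a Graph response
# (fake names and domains, not data from any real tenant).
SAMPLE_GUESTS = [
    {"displayName": "Ann Example", "mail": "ann@example.com",
     "userPrincipalName": "ann_example.com#EXT#@contoso.onmicrosoft.com",
     "externalUserState": "Accepted"},
    {"displayName": "Bob Example", "mail": "bob@example.org",
     "userPrincipalName": "bob_example.org#EXT#@contoso.onmicrosoft.com",
     "externalUserState": "PendingAcceptance"},
    {"displayName": "Cy Example", "mail": None,
     "userPrincipalName": "cy_example.com#EXT#@contoso.onmicrosoft.com",
     "externalUserState": "PendingAcceptance"},
]

def fetch_guests(token):
    """Live query; token needs User.Read.All. Returns the first page only (follow @odata.nextLink for more)."""
    req = Request(f"{GRAPH_USERS}?{GUEST_QUERY}",
                  headers={"Authorization": f"Bearer {token}"})
    with urlopen(req) as resp:
        return json.load(resp)["value"]

def external_email(user):
    """Recover the external address from the #EXT# UPN Azure AD gives guests, e.g.
    ann_example.com#EXT#@<tenant>.onmicrosoft.com -> ann@example.com (last '_' splits name/domain)."""
    upn = user.get("userPrincipalName") or ""
    if "#EXT#" in upn:
        name, _, domain = upn.split("#EXT#", 1)[0].rpartition("_")
        return f"{name}@{domain}"
    return user.get("mail") or ""

def audit_guests(users):
    """Summarise guests: invitations not yet accepted, and external domains in use."""
    pending = sorted(external_email(u) for u in users
                     if u.get("externalUserState") == "PendingAcceptance")
    domains = Counter(external_email(u).rpartition("@")[2] for u in users)
    return {"total": len(users), "pending": pending, "domains": dict(domains)}
```

Run `audit_guests(fetch_guests(token))` against a real tenant, or `audit_guests(SAMPLE_GUESTS)` to see the output shape offline; a guest that stays in PendingAcceptance is an invitation that was sent but never activated.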