0

I used Azure Active Directory for bot authentication in the Microsoft Bot Emulator. When logging in with the bot, it allows only users who have an Azure account; for other users who do not have an Azure account, it shows: "The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account."

Please help me log in with Azure Active Directory for guest users as well.

Prakash

1 Answer

1

You have to add the guest user to your tenant. Once you add the guest user's email, that user can log in. To do that, see the steps below.

Step: 1

Go to your Azure Active Directory tenant, then Users. Click on All users. At the top of the list you will see the New guest user option; click on that. See the screenshot below:

enter image description here

Step: 2

Once you click on New guest user, the new guest user invitation page will come up. Enter the email of the guest user you want to add. See the picture below:

enter image description here.

Check the email where the invitation was sent and click on the link given. It will redirect to the guest user login page.

Note: You need to have the guest user add/invitation credential for that on the Azure Active Directory tenant. For more information you could refer here. For adding a user without an invitation, take a look here.

If you have any more concerns, feel free to share them here in a comment. Thank you and happy coding!

Md Farid Uddin Kiron
  • Thanks for your response. Is there any way to add guest users to the Azure account programmatically in Node.js? Because when a user registers in my application I need to add his account to my account. – Prakash May 02 '19 at 11:40
  • 1
    @Prakash It's my pleasure. Yes, you could also do it programmatically using the REST API; please refer to this official document https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0#example || Be careful about the API permission. If you have any more queries, feel free to share. Thank you and happy coding! – Md Farid Uddin Kiron May 02 '19 at 14:25
  • I looked over the API for creating the user, but it shows "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.",} I think I missed giving the permission for that API. Can you please say where to give the permission for that? – Prakash May 03 '19 at 05:40
  • 1
    As I said before, you should have the permission for that request on the portal. It also has some steps. I would suggest you show your request format so that I can help faster, and also read this https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0#permissions – Md Farid Uddin Kiron May 03 '19 at 05:45
  • @Prakash If you still have any problem, let me know or raise a new question; I will help you there. – Md Farid Uddin Kiron May 03 '19 at 05:57
  • This is the API that I call, "https://graph.microsoft.com/v1.0/users", and I pass the token as an Authorization bearer token, and in the body I pass this { "accountEnabled": true, "displayName": "displayName-value", "mailNickname": "mailNickname-value", "userPrincipalName": "upn-value@tenant-value.onmicrosoft.com", "passwordProfile" : { "forceChangePasswordNextSignIn": true, "password": "password-value" } } which is shown in that document. – Prakash May 03 '19 at 05:58
  • Can you tell me where I should give the permission in the Azure portal so that the API will work? – Prakash May 03 '19 at 06:01
  • Give me some more details please. Which directory role does the request owner have? – Md Farid Uddin Kiron May 03 '19 at 06:14
  • These are the steps: go to `Azure Active Directory` > `App registrations` > `Select your Application where you would like to add this user` > `API permissions` > `Microsoft Graph` > `User.ReadWrite.All`. If you have an admin directory role you do not need extra permission for that. – Md Farid Uddin Kiron May 03 '19 at 06:20
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/192752/discussion-between-prakash-and-md-farid-uddin-kiron). – Prakash May 03 '19 at 06:48
  • Hello @MdFaridUddinKiron, can you please help me with answering this question? I was stuck the whole day. Here is the question link: "https://stackoverflow.com/questions/55980254/there-was-an-error-sending-this-message-to-your-bot-http-status-code-notfound". Please help me. – Prakash May 04 '19 at 06:55
  • @Prakash Okay, I will take a look there if I can. Thank you – Md Farid Uddin Kiron May 04 '19 at 11:39
  • I developed an application that uses the Azure Active Directory connection for authentication. I should allow any user from any domain to access it. But in the above answer you mentioned that "the user needs to be added as an external Azure Active Directory user". Is there any way to allow any user from any domain to access it, without adding them to Azure Active Directory in my Azure account? – Prakash May 13 '19 at 12:41
  • @Prakash Yeah, there is a way, but that is not recommended by Microsoft as it is harmful for security. You could check Resource Owner Password Credentials (ROPC). – Md Farid Uddin Kiron May 13 '19 at 15:46
  • Actually, OAuth connections like 'sign in with Google' do not add the user to their account. Anyone who has a Google account can log in there. I need the same from the Azure OAuth. Is there any way to do that? Please tell me. – Prakash May 14 '19 at 04:19
  • Thanks. Can you say how to do that in the Azure Active Directory connection? – Prakash May 14 '19 at 04:51
  • Go to your B2C tenant, select `Identity providers`, then select the one you want. See the screenshot https://imgur.com/a/kvv5zyj || You could refer here https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-add-identity-providers – Md Farid Uddin Kiron May 14 '19 at 05:10
  • Thanks. I think I asked the question wrongly, sorry for that. Actually, I have a Microsoft bot application that authenticates any user with Azure Active Directory, but it needs to allow any user who has an Azure account with my Azure Active Directory connection. E.g., it should allow a person like xxx@cts.in into my bot when he has an Azure account. It may be some other domain, like yyy@tcs.in. – Prakash May 14 '19 at 08:14
  • Please respond to my comment above. I am stuck on that. – Prakash May 14 '19 at 09:20
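
The portal steps in the answer (inviting a guest user) can also be performed from Node.js through the Microsoft Graph invitations endpoint, which needs only the `User.Invite.All` permission rather than `User.ReadWrite.All`. The following is an added example, not code from the thread: the function names are hypothetical, the redirect URL and access token are assumed to be supplied by the caller, and Node.js 18+ is assumed for the global `fetch`.

```javascript
// Added example (not from the original thread). Function names are hypothetical.
const GRAPH_INVITATIONS = "https://graph.microsoft.com/v1.0/invitations";

// Build the invitation request without sending it, so it can be inspected and tested.
function buildInvitationRequest(email, redirectUrl, accessToken) {
  // Accept exactly one plain mailbox address; reject lists and display-name forms.
  if (typeof email !== "string" || !/^[^\s@,;<>]+@[^\s@,;<>]+\.[^\s@,;<>]+$/.test(email)) {
    throw new TypeError("invalid guest e-mail address");
  }
  // The redemption flow ends at this URL, so require HTTPS.
  if (new URL(redirectUrl).protocol !== "https:") {
    throw new TypeError("inviteRedirectUrl must be https");
  }
  return {
    url: GRAPH_INVITATIONS,
    options: {
      method: "POST",
      headers: {
        Authorization: `Bearer ${accessToken}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify({
        invitedUserEmailAddress: email,
        inviteRedirectUrl: redirectUrl,
        sendInvitationMessage: true,
      }),
    },
  };
}

// Turn a Graph error response into an actionable hint instead of a raw dump.
function explainGraphError(status, body) {
  const code = body && body.error && body.error.code;
  if (status === 403 && code === "Authorization_RequestDenied") {
    return "App registration lacks a granted Graph permission (User.Invite.All is enough for invitations); add it under API permissions and grant admin consent.";
  }
  if (status === 401) return "Access token missing, expired, or issued for another audience.";
  return `Graph returned ${status}${code ? " (" + code + ")" : ""}`;
}

// Send the invitation; returns only the fields a caller normally needs.
async function inviteGuest(email, redirectUrl, accessToken) {
  const { url, options } = buildInvitationRequest(email, redirectUrl, accessToken);
  const res = await fetch(url, options);
  const body = await res.json();
  if (!res.ok) throw new Error(explainGraphError(res.status, body));
  return { id: body.id, status: body.status, redeemUrl: body.inviteRedeemUrl };
}
```

The `Authorization_RequestDenied` branch corresponds to the error quoted in the comments; the access token itself is never logged or included in error messages.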