Office 365 notification MC194386 brings the news that Teams
will soon offer “native support” for guest access for people with Gmail
accounts. This fulfils Office
365 roadmap 57037.
Before getting too excited about this innovation, let’s reflect on two points: first, you must do some work to enable Google federation in Azure Active Directory (by creating an organizational relationship). Second, you might not want to allow Gmail users to be guests in some or all the teams in your tenant on the basis that you don’t want guests to use consumer accounts (the problem with such a policy is that many independent professionals use Gmail addresses).
Blocking guests from Google domains is easily done by creating a blacklist or whitelist (you can only pick one list) in the Azure B2B Collaboration policy for the tenant. With such a policy in place, team owners won’t be able to invite members from the blocked domains. In Figure 1 we see that Google.com is one of the domains on the blacklist for guest invitations.
Figure 1: Azure Active Directory External Collaboration settings
Some were surprised that the announcement covers Teams only and doesn’t apply to all the Office 365 apps which support Azure B2B Collaboration. The answer lies in that federation works when guests sign in using a specific tenant context, or an endpoint that’s capable of processing the request to connect using the proffered credentials. Teams can do this while other applications cannot, at least for now.
Read the Office 365 for IT Pros eBook for more information about Teams, guest user access, and Azure B2B Collaboration,
10 Replies to “Teams to Support Federated Guest Access for Gmail Accounts”
I have a Support request with Microsoft about this. It seems the link that is end to a Gmail user in the invitation is not working and you get an error.
(Account is unknown)
If you create a link yourself like described in the documentation :
Congratulations on being a trailblazer. The links in Azure B2B collaboration invitations are really important because they bring a guest back to an endpoint that can handle the redemption of an invitation. Getting them right is critical. As you have found out…
Microsoft helpdesk lets me try all other options to login and all other hoops i needed to jump through.
I even made them a camtasia video to explain myself.
But after i wrote: “This is getting irritating” and explained it one more time, it moved to Teams Technical support.
I hope it will be resolved soon.
Loading...
An update from me. I have received a lot of questions from Microsoft. They let me try al kinds of ways to login. Now i just have send the Edge Har files of the failing login process. In my view all they need to do is to change the link that is send in the invitation mail. How it needs to look is in their own documentation. Am i thinking to simple?
No you’re not. Sometimes problems exist to stop things being simple, but seeing that the documentation is out of sync with the software, you wonder why this situation arose. After all, the writers work with the developers to document the code as it is written…
Hi me again. I am still with the Service call from Microsoft to get this working correctly. They asked me again for the information i allready send 3 times. I almost wanted to include a sample of my bodily fluids. 🙂 But i didn’t.
I got this message: ”
This is to inform you that an internal ticket has been raised after consulting the senior team and sharing all the details collected. The backend team is now working on the issue. ”
So still waiting to get the correct link in the invitation mail. 🙁
I was going to say urine….. but i would not make friends i think. 🙂
Loading...
I have received an e-mail from Support;
Thank you for all your cooperation in providing all the requested details in persuing this issue towards a permanent solution which we have not reached as yet. However your cooperation would surely contribute towards a solution to this issue for multiple customers who are experiencing this issue.
We have identified it to be an internal bug in our system and the relevant team is working to get this rectified though there is not a clear turn around time on this. However you can expect it to be resolved in the near future.
“We have identified it to be an internal bug in our system and the relevant team is working to get this rectified though there is not a clear turn around time on this. However you can expect it to be resolved in the near future. Based on the previous communication I will close this ticket ” So we need to wait and see.
{"id":null,"mode":"button","open_style":"in_modal","currency_code":"EUR","currency_symbol":"\u20ac","currency_type":"decimal","blank_flag_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":100,"top_media_type":"featured_image","featured_image_url":"https:\/\/office365itpros.com\/wp-content\/uploads\/2022\/11\/cover-141x200.jpg","featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Virtual Tip Jar","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Office 365 for IT Pros","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Office 365 for IT Pros","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for supporting the work of Office 365 for IT Pros!","payment_confirmation_title":"Office 365 for IT Pros","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
I have a Support request with Microsoft about this. It seems the link that is end to a Gmail user in the invitation is not working and you get an error.
(Account is unknown)
If you create a link yourself like described in the documentation :
https://docs.microsoft.com/nl-nl/azure/active-directory/b2b/google-federation#limitations like so:
https://myapps.microsoft.com/?tenantid=
Then it is working. Still working with Microsoft to get this link in the invitation working.
Congratulations on being a trailblazer. The links in Azure B2B collaboration invitations are really important because they bring a guest back to an endpoint that can handle the redemption of an invitation. Getting them right is critical. As you have found out…
Thanks for the compliments. It is weird that something like this is not tested.
This is the link in the Invitation e-mail:
https://teams.microsoft.com/l/team/19:4fb1XXXXX09fd40d62ed@thread.skype/0
(The XXX i added to make it anonymous)
This will give an error. And also wil not give me the Gmail login option.
The link:
https://myapps.microsoft.com/?tenantid=XXX etc
works just fine.
Microsoft helpdesk lets me try all other options to login and all other hoops i needed to jump through.
I even made them a camtasia video to explain myself.
But after i wrote: “This is getting irritating” and explained it one more time, it moved to Teams Technical support.
I hope it will be resolved soon.
An update from me. I have received a lot of questions from Microsoft. They let me try al kinds of ways to login. Now i just have send the Edge Har files of the failing login process. In my view all they need to do is to change the link that is send in the invitation mail. How it needs to look is in their own documentation. Am i thinking to simple?
No you’re not. Sometimes problems exist to stop things being simple, but seeing that the documentation is out of sync with the software, you wonder why this situation arose. After all, the writers work with the developers to document the code as it is written…
Hi me again. I am still with the Service call from Microsoft to get this working correctly. They asked me again for the information i allready send 3 times. I almost wanted to include a sample of my bodily fluids. 🙂 But i didn’t.
I got this message: ”
This is to inform you that an internal ticket has been raised after consulting the senior team and sharing all the details collected. The backend team is now working on the issue. ”
So still waiting to get the correct link in the invitation mail. 🙁
At least they didn’t ask you for a DNA sample.
I was going to say urine….. but i would not make friends i think. 🙂
I have received an e-mail from Support;
Thank you for all your cooperation in providing all the requested details in persuing this issue towards a permanent solution which we have not reached as yet. However your cooperation would surely contribute towards a solution to this issue for multiple customers who are experiencing this issue.
We have identified it to be an internal bug in our system and the relevant team is working to get this rectified though there is not a clear turn around time on this. However you can expect it to be resolved in the near future.
So we need to wait.
“We have identified it to be an internal bug in our system and the relevant team is working to get this rectified though there is not a clear turn around time on this. However you can expect it to be resolved in the near future. Based on the previous communication I will close this ticket ” So we need to wait and see.