Solution for guests accounts with an organisation account without Office365 tenant to be able to login at teams.microsoft.com
I have created several guest accounts following the instructions here:
https://docs.microsoft.com/en-us/microsoftteams/guest-access
Basically,
Enabled Guest Access in Office365 Admin Center
Added guest account through Azure Active Directory
a. Guest account received email Azure AD "You're invited to the organization"
b. Guest follows the "Get Started" link in the email to create a password
- Added guest to a Team through Microsoft Teams desktop application
a. Guest account received email Teams "You have been added to a team in Microsoft Teams"
b. Guest follows the "Open Microsoft Teams" link in the email to be sent to teams.microsoft.com
c. Guest is redirected to login.microsoftonline.com
d. Guest logins in using email/password from #2b
e. Guest is redirected to the Teams page and is able to work.
--
When the Guest tries to login directly to Teams - either through teams.microsoft.com or the Teams desktop application - they are redirected first to a login page (login.microsoftonline.com), then after login to an error page:
https://teams.microsoft.com/_#/licenseError?errorCode=UserLicenseNotPresentForbidden
The Guest can still login/access Teams following the "Open Microsoft Teams" link in the #4b email.
Workaround
If the Guest adds the "tenantId" indicated in the #4b/Open Msft Teams email to the Teams URL, for example: https://teams.microsoft.com?tenantId=1234567-89ab-cdef-0123-456789abcdef
Guest is redirected to login.microsoftonline.com
Guest logs in using username/password
Guest is redirected back to https://teams.microsoft.com/_?tenantId=1234567-89ab-cdef-0123-456789abcdef
Guest can now access the Team (without the UserLicenseNotPresentForbidden error)
This workaround only works through the Browser - it does not work through the Teams Desktop App, as it is not possible to include the requisite "tenantId" to login. Using the Desktop App always fails with UserLicenseNotPresentForbidden.
When the Guest is logged in using the correct "tenantId", the Teams menu (in the Browser) looks like this:
microsoft-teams-menu.png
If the Guest clicks on the other account under "Your accounts" (abcdef-0123-4567-89ab-cdef012345), the Guest is redirected to the UserLicenseNotPresentForbidden error page.
microsoft-teams-userlicensenotpresent.png
It seems that a Guest has been assigned two different "tenantId"s (or Azure Object IDs), the first is the one created in step #2, the second is the one created in step #4. When the Guest tries to login without specifying the tenantId, login.microsoftonline.com defaults to the tenantId in #2 (which isn't authorized to access Teams).
I see no place in Teams, Office365 Admin Center, or Azure AD to manage these separate 'tenantId's or allow the Guest to login to Teams using the Desktop App.
Jorik Polhuis
shared this idea
If anyone is still hitting this issue, please respond in the comments section of this topic and let me know!
Thanks!
-Warren
49 comments
-
Anonymous
commented
I have been added as a Guest to a company's Teams. Since then I can no longer login to Teams using the Desktop App. The login page always redirects to the Guest login page. Hence the Desktop App is now useless. (Desktop for Mac)
-
Anonymous
commented
I faced this issue just now...Not able to join through guest id, won't let me in.
-
Chadini Trivedi
commented
I still have the same issue in my enviroment. Even though I have created guests accounts in my enviroment and sent invitation , they still are experiencing issues. at first they can login but then it shuts off and then at times they can not relogin to our tenant.
-
Anonymous
commented
On web, it forces a logout, even when logged into Microsoft account wanted. Then you can choose a tenant/domain.
But on Android, it doesn't work in the app at all. Login just plain fails due.
-
Ben Hogan
commented
Yep getting this error today.
-
Lot
commented
When I open the guest link (I already have an organisational teams) but it won't show in my teams... It just keeps opening my own teams. In the application AND on the web!
-
RCross
commented
This problem still happens with both android and apple clients. Have this issue currently and it's causing communications issues with a customer currently. We had to create a completely separate domain and Free Teams login account with separate credentials just to communicate with the client. Please fix this.
-
SREENIDHI
commented
I have forgotten my password for the Microsoft team group Account please help me recover
My user Id is : sivashankars32ixa@velammalbodhitanjore.onmicrosoft.com -
Anonymous
commented
Yes this is a problem in android device. I cannot join the team as guest of an org. It's my own org and the guest account was created as a test, and the error occurs
-
Anonymous
commented
Unable to join
Looks like the meeting URL is incorrect. Please check the URL and try again. -
Anonymous
commented
Having this issue for adding presenters in Live Events
-
Anonymous
commented
I tried to join ms team as guest for last 10 days but it shows " something went wrong" please help me out I am sending you the screenshot
-
Andrea Cuneo
commented
I'm still hitting this issue.
-
Anonymous
commented
We are an educational institution and during the current period and the global crisis we are exposed to regarding the global epidemic, we are trying to communicate between professors and students through Microsoft Times, but the problem is that many students did not receive their account with the educational institution, can students enter the room set up through the professors link For the group only?
-
Mark
commented
There is an error when guest users click the link invitation
-
Gaute Alvestad
commented
Hi. This is still an issue. We have b2c tenant w/users which we invite to a different tenant w/teams. The issue at hand, I am assuming, is that the apps are only retrieving the tenantid/license of the b2c tenant, and is not discovering it's a guest in a different tenant. (As Jorik explains)
It works fine in browser, where we can define the tenantId, https://teams.microsoft.com/_?tenantId={tenantid} or https://teams.microsoft.com/dl/launcher/launcher.html?url=%2f_%23%2fl%2fteam%2fconversations%3ftenantId={tentantId}&type=team&suppressPrompt=true
I have even gotten it to work with the windows desktop app, by editing the config file for the app.
Powershell: (xxxx-Guid is the teams tenantid)
$FileContent=Get-Content -Path "$ENV:APPDATA\Microsoft\Teams\desktop-config.json"
$JSONObject=ConvertFrom-Json -InputObject $FileContent# Update config object
$JSONObject.upnWindowUserUpn = ""$JSONObject.homeTenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$JSONObject.guestTenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$JSONObject.userOid = "";
$JSONObject.userTid = "";# Stop teams prosses
Get-Process Teams | Stop-Process -Force# Update config file
$NewFileContent=$JSONObject | ConvertTo-Json -Compress
$NewFileContent | Set-Content -Path "$ENV:APPDATA\Microsoft\Teams\desktop-config.json"# Start teams client
Start-Process -FilePath "$ENV:LOCALAPPDATA\Microsoft\Teams\current\teams.exe"But this (editing config file) is sadly not possible on iOS and other "closed" devices.
So it is possible, if we had the possiblity to define the tenantId in the app. Something like "fallbackTenantId" or "defaultTenantId". Could be under advanced settings or someting.
-
SjoerdV
commented
still a problem indeed! please fix it by adding the tenantid parameter in the original invitation email, this way we can just say to Guest Users (or their managers): "please use the original link in the original invitation email to get into Teams in the right tenant". And treating all types of Guest Users (OTP, MSA, ext-AAD) as OTP accounts would be a step in the right direction, this way there would only be one way of managing all these type of accounts, and if you want to use licenses cross-tenant (ext-AAD), make it in such a way that this is only being done on the back-end, we do not want to bore end-users with license errors, do we ;-)
-
jonatan
commented
still a problem, please fix asap!
-
Thomas van der Elsen
commented
Still an issue here. Org doesn't have 365 but user is a guest on another. Email link opens Teams app to sign in, and on signing up it says there are no Team orgs yet. No ability to select tenant, and it seems the email link that works to access Teams on a desktop, does not work on a mobile (presumably the app is ignoring the tenant id).
-
Anonymous
commented
Getting an issue at 2b step. It seems to bypass this for a new user and goes to page for teams tenant. Shows 1 teams group in this instance that new user was invited to and errors back when user clicks on it.
