Make account switching work for personal and org accounts that have the same email address
I have two Microsoft accounts: one that is a personal account, and one that is an organizational account. Both of these accounts have the same email address.
I'm an independent contractor mobile app developer. I have been invited to a Teams instance by my client. I am using the macOS Teams client.
When I use my personal Microsoft account to log in to Teams, I am shown the invitation page ("You've been invited to [My Client]"). I click the "Continue" button. A 2nd blank window titled "Microsoft Teams" briefly appears; I assume this is the authentication window, and that it only briefly appears because it detects that I am already authenticated. Then the main Teams window shows an animation of a man with a beard encircled in an ID badge that is changing colors from lavender to pink to blue. The message says "We're switching you to your other account. It'll just take a moment...". The animation and message are shown for about 60 seconds, and then the main window returns to the previous UI and message "You've been invited to [My Client]" along with the "Continue" button. The app's UI flow continues in this loop indefinitely.
When I use my organizational Microsoft account with the same email address string, I get an error screen saying "Doh! Something went wrong..." with a Try Again button.
Again, I have two different Microsoft accounts, both tied to the same email address: one organizational account, and one personal account.
Tobias M commented
I cannot log into Teams because I don't know which of my 2 accounts with the same email is required. I have no meaningful or easy way to tell these accounts apart. Which begs the question:
Why is it even possible to allow people to use the same email address for two types of accounts? I don't see any value in this.
This "feature" might serve an older generation or use case I'm unaware of, but most people nowadays use separate email addresses for private and work accounts, so we should have a 1 to 1 relationship between our accounts and emails. There is no need AFAIK to support 2 accounts on 1 email address.
Please remove this option.
Consider this from a user and security perspective:
In the scenario where someone is brought into Teams with an external account, a duplicate account needs to be created. There is no flow or dialogue with the user informing them of this need. So they get stuck and wind up using internal support's time to find the cause.
How should users even be aware of the fact other accounts with the same email exist? I have never seen this on any other email or ID provider. It's completely unexpected and causes a massive waste of time and productivity for users.
From a security point of view, creating a second account that looks completely identical to my other account without giving me clear information about this leaves me and my organisation vulnerable. How am I, the user, supposed to stay on top of these seemingly identical accounts?
Tagging one account as "work" and another one as "personal" won't help either if I only use one of these accounts infrequently. The tag tells me nothing to tell them apart. I need something much more clear.
If the user is unaware of the second account due to unclear communication in the navigation flow, or due to infrequent use, the account password won't get updated either. The user will forget about the account and the security risk grows.
I think it's unfortunate so many MS products work well when a very important and basic user interface for IAM is lacking.
- Remove the option to allow multiple accounts for each email
- Create a simpler UI to help users switch between accounts
Not to be rude but Google does a fairly good job for the latter. I'd like to see the same from Microsoft.
Romain G commented
A small workaround found by a colleague (many of my team have the same problem):
1. Connect with the personal (Live) account on the first authentication pop-up.
2. On the "you have been invited" page, select the team and continue.
3. Teams displays another authentication pop-up -> on this one, enter the professional (Azure AD) account.
4. You are connected!
Maybe this quite dirty workaround has some other impacts. To be seen in the next episode!
Romain G commented
I have the same blocking bug with the Teams client on Windows 7 (version 1.1.00.18052), with a somewhat more detailed message:
"Could you reconnect? Sorry for the trouble" (I've translated from French)
ID de session : 0e0cb875-63a9-eb06-51f5-8ce11331e63b
Code d’erreur : AADSTS50001: Resource 'https://api.spaces.skype.com' is disabled.
I hope it will be resolved soon, because the product seems promising.
Anthony G commented
I agree this is an issue that needs fixing. Sorry MS, you have allowed multi-select account type of the same ID for all your apps and services when logging in. Please fix this bug, and also, when adding users to an MS team, ask the admin which type of account it is if they have both work and personal.
This is a road blocker for some users wanting to use MS Teams where I work.
UPDATE: I'm seeing the same described behavior in the Teams client for Windows as well. (220.127.116.1159)