Showing results for 
Search instead for 
Did you mean: 
Regular Visitor

Sharing App with External Office 365 users whose eternal tenant email accounts are already associated with AD user accounts for our non-Microsoft Apps

So this is a bit of a weird one and our Azure AD admins have no idea how to go about it without just using up an internal domain license to give them an internal email address.  

We have original applications that we created with a developer and our contracted users are granted access to these applications through user IDs we generate for them that are managed through what appears to me to be Active Directory.  So this means that their work email address is associated with an account that we manage in our internal Active Directory but their Office 365 work account is with their own tenant.  From what I can tell it appears that they have a sort of shadow internal tenant email address that includes onmicrosoft in it assigned to this account but I cannot seem to use that version of the email address or their own actual work email address with their tenant's domain in it.  When they try to log in when we grant access using either their external email or the onmicrosoft one they can never successfully log in.

I was trying to set up a PowerApp for people in this external user group last year with no success and now a coworker of mine is trying to set this up and is hitting similar issues.  

We only switched over to using Azure AD to manage everything in the past 2 or 3 years and we have been using these non-Microsoft applications with our unique login ids for many years prior to that.  I'm assuming some sort of Frankenstein merge happened on the backend when we switched to Azure AD for everything.  

We also recently started using Okta and these external users access these applications through Okta now.  I thought maybe we could use that as a way to access a PowerApp as well but I haven't been able to find anything on if/how that would be possible.  I'm pretty sure Okta is using our Azure AD to validate these external users but I have no idea if or how we could carry that over to a PowerApp.


Dual Super User
Dual Super User

I would suspect you'll need to create guest accounts in Azure AD for the users using their external email address as the basis for the account.  That will let them use their own licensing for Power Apps shared apps.  But they will now have two logins for your tenant.  After creating the new accounts, you should be able to add them to the existing applications so they can use them under those accounts instead of the old ones.

If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Helpful resources

Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

Users online (4,950)