We have set up Azure B2B multi-tenant AD, which allows external users as guests. The setup works well, but for some reason a few of our external customers (guest users) are not able to log in.
A few are getting Admin Consent and a few are getting this error message - 'Using application MYAPPNAME is currently not supported for your organization customer.org because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of customer.org before the application MYAPPNAME can be provisioned.'
The major change we made here is from a single-tenant app to a multi-tenant Azure AD app.
We are using MSAL authentication.
Any help?
1 Reply
I'm not sure about the login issue. I can tell you only about the failure to update policy.
As you configure cross-tenant access settings, if you receive an error that says “Failure to update policy due to object limit,” you've reached the policy object limit of 25 KB. We're working toward increasing this limit. If you need to be able to calculate how close the current policy is to this limit, do the following:
GET https://graph.microsoft.com/beta/policies/crosstenantaccesspolicy
policyobject.txt
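# Assumes C:\policyobject.txt holds the JSON response of the GET request above, saved to disk.
# -Raw reads the file as a single string, so line breaks are included in the byte count.
$policy = Get-Content -Raw "C:\policyobject.txt"
$maxSize = 1024*25
$size = [System.Text.Encoding]::UTF8.GetByteCount($policy)
Write-Host "Remaining Bytes available in policy object"
$maxSize - $size
Write-Host "Is current policy within limits?"
if ($size -le $maxSize) { return "valid" } else { return "invalid" }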
For more details, you can follow the documentation.