Azure AD B2B allows external users to collaborate with the organization's applications, services, and data. To be invited as a guest, an external user has traditionally needed an Azure AD account, a Microsoft account, or a Google account covered by Google federation (@gmail.com and @googlemail.com addresses). Now, if the guest user has none of these, they can still sign in using a one-time passcode (OTP). The code is sent to the guest user's email address and is valid for 30 minutes. Once the user is authenticated, the session is valid for 24 hours; after that, the guest must request a new code to sign in again. Note that this makes the guest's mailbox the security boundary for their access: whoever can read that mailbox can redeem the passcode, so the controls on the external mail account matter as much as the policy in your tenant. According to the announcement at the time of writing, starting October 2021, one-time passcode authentication will be enabled by default for all existing and new tenants.
OTP guests must sign in through a tenant-specific endpoint, because the common login endpoint cannot tell which tenant should issue the passcode for a plain email address. Use one of https://myapps.microsoft.com/?tenantid=<tenant id>, https://portal.azure.com/<tenant id>, or https://myapps.microsoft.com/<verified domain>.onmicrosoft.com, where <tenant id> is replaced with the organization's tenant ID and <verified domain> with one of the tenant's verified domain names.
Let’s go ahead and see how OTP works with Azure AD B2B Guest Users.
Enable OTP Feature
To start, we first need to enable the OTP feature for guest users.
1. Log in to the Azure portal as a Global Administrator.
2. Go to Azure Active Directory.
3. Go to External Identities | All Identity Providers.
4. From the list of configured identity providers, click Email one-time passcode (Preview).
5. In the options list, select Enable email one-time passcode for guests effective now, then click Save.
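The same setting can be read and changed from PowerShell through Microsoft Graph, which is useful when you want to audit the state across tenants or script the change rather than click through the portal. The following is an added example, not code from the original post; it assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account holds a role permitted to write authentication method policy. The endpoint and the `allowExternalIdToUseEmailOtp` property are those of the Graph `authenticationMethodsPolicy` resource; the function names `Get-GuestEmailOtpState` and `Enable-GuestEmailOtp` are this example's own.

```powershell
# Added example (not from the original post): check and enable email one-time
# passcode for guests through Microsoft Graph instead of the portal.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the caller is
# allowed to write authentication method policy. Endpoint and property names
# follow the Graph authenticationMethodsPolicy resource; verify them against
# the current Graph reference before relying on this in production.

$ConfigUri = 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email'

function Get-GuestEmailOtpState {
    # Returns the current value of allowExternalIdToUseEmailOtp:
    # 'default' (follows Microsoft's rollout), 'enabled', or 'disabled'.
    $cfg = Invoke-MgGraphRequest -Method GET -Uri $ConfigUri
    return $cfg.allowExternalIdToUseEmailOtp
}

function Enable-GuestEmailOtp {
    # PATCH only the single property. The @odata.type is required because the
    # email configuration is a derived type of authenticationMethodConfiguration.
    $body = @{
        '@odata.type'                = '#microsoft.graph.emailAuthenticationMethodConfiguration'
        allowExternalIdToUseEmailOtp = 'enabled'
    }
    Invoke-MgGraphRequest -Method PATCH -Uri $ConfigUri -Body $body -ContentType 'application/json' | Out-Null
}

# Least privilege: request only the scope this policy needs, nothing broader.
Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

$before = Get-GuestEmailOtpState
Write-Host "Email OTP for guests before: $before"

if ($before -ne 'enabled') {
    Enable-GuestEmailOtp
    # Re-read the policy rather than trusting the PATCH response.
    $after = Get-GuestEmailOtpState
    if ($after -ne 'enabled') {
        throw "Policy did not update; current value is '$after'"
    }
    Write-Host "Email OTP for guests after: $after"
}

Disconnect-MgGraph | Out-Null
```

Reading the value before writing matters: a tenant reporting `default` has not explicitly opted in and its behaviour depends on Microsoft's rollout schedule mentioned above, whereas `enabled` or `disabled` is an explicit choice someone in the tenant made. If you only want to audit, run the script without the `if` block, or wrap `Enable-GuestEmailOtp` in a change-control step.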