We have implemented authentication for a multi-tenant SaaS solution which uses Azure AD single sign-on with OpenIdConnect authentication, and it is working fine.
The problem is that when a user is logged in to the Azure management portal with his Live account and in another tab tries to open our app, he directly gets the error below on the Microsoft login page.
Additional technical information:
Correlation ID: 78e13474-6f92-40ec-b463-91e36a6dae84
Timestamp: 2015-04-14 12:27:20Z
AADSTS50020:
User account 'xxx@xxxx.com' from external
identity provider 'live.com' is not supported for application
'https://xxxxx.onmicrosoft.com/xxxx'. The account needs to
be added as an external user in the tenant. Please sign out and sign in
again with an Azure Active Directory user account.
This works fine if I pass the "prompt=login" query string parameter in the sign-in request, but in that case single sign-on is not working. Is there any way to resolve this issue without losing the single sign-on experience?
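For readers who want to reproduce the "prompt=login" workaround the question mentions, here is an added example of how that parameter is injected into the sign-in request. It is not the poster's code; it assumes the ASP.NET OWIN Katana OpenID Connect middleware (Microsoft.Owin.Security.OpenIdConnect 3.x) with a multi-tenant "common" authority, and the ClientId is a placeholder. Setting Prompt to "login" forces Azure AD to show an interactive sign-in every time, which is exactly why it bypasses the Live-account session but also loses single sign-on.

```csharp
// Added example, not from the original question.
// Assumes Microsoft.Owin.Security.OpenIdConnect 3.x (Katana) and placeholder values.
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;          // OpenIdConnectRequestType
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "00000000-0000-0000-0000-000000000000",            // placeholder, assumed
            Authority = "https://login.microsoftonline.com/common",      // multi-tenant endpoint
            RedirectUri = "https://localhost:44300/",                    // placeholder, assumed

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Fires just before the browser is redirected to Azure AD for
                // both sign-in and sign-out; only touch the sign-in request.
                RedirectToIdentityProvider = ctx =>
                {
                    if (ctx.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
                    {
                        // prompt=login: always show the interactive login page, ignoring any
                        // existing session (e.g. a Live account signed in to the portal).
                        // This is what avoids AADSTS50020 here, at the cost of SSO.
                        ctx.ProtocolMessage.Prompt = "login";
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The trade-off is visible in the last line of the notification: because the parameter is added unconditionally, every visit to the app triggers a fresh interactive sign-in, which is the loss of single sign-on the question describes.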