I am trying to give access to a user from one Azure AD to another Azure AD. I think I am just missing a small step here, because I have read in a dozen places that this is really simple. I just keep getting an error that the account is not in active directory.
I have two different Azure instances; neither has AD synced to an on-premises AD. Each only has a handful of users (say 5 years each).
Org 1) I have an organizational Azure instance with Azure AD set up, and a new user set up; call this User1@ABC.com.
Org 2) I have an organizational Azure instance with Azure AD set up; call it XYZ-Client.com. I have a Global Admin account that was created in XYC.com.
I want to add User1@ABC.com to the domain XYZ-Client.com. Azure AD support documents say that Azure AD has a trust with Azure AD; you can do this by adding them as an external user. Going to Azure AD > Domain > Users > Add User > User in another Windows Azure AD directory. When I add User1@ABC.com, I get the error that no user exists in a directory I have access to. That error makes sense to me, because I would assume ABC.com has to allow an AD query request. I just cannot figure out how to grant that access. The support documents don't seem to cover that step, or if they do, I completely missed it.
Other posts from 2013/2014 indicate that you can't do it, but that doesn't fit with the documentation on Azure's website right now.
Reason for use:
VSO is linked to Azure AD at XYZ-client.com. If User1@ABC.com is not listed in Azure AD, they cannot access VSO. The only option is to create a new account, or use an MSA/Live account... which sucks because the third option to add a current Azure AD account is right there, it just won't work.
Any help would be appreciated. Thanks!