AD users (guest accounts) cannot log in to with Azure DevOps credentials

Our contractor developers are added to our Azure AD as guest accounts. I need them to be able to view sonar reports in the event that a quality gate blocks a PR. Unfortunately, they are unable to log in to and are seeing this error:

I added their AD accounts to the Sonarcloud enterprise application in our Azure AD, but this did not resolve the issue.

1 Like

this seems related to this B2B issue discussed here

based on this thread, I attempted to grant admin consent:

1 Like

just adding more info as I dig deeper… obviously, you don’t support personal microsoft accounts. However, my guest accounts are work/school accounts, all set up in Azure DevOps as well. My current assumption is that, based on you using the common authorize endpoint, which does not support guest accounts, that I cannot use azure ad guest accounts from other domains to log in to even though they are logging in as work/school accounts, not personal accounts.

some related posts:

1 Like

Unless I hear differently from Sonar, I’m considering this issue unresolvable at the time of this writing. I’ve summarized the issue and a possible solution under the feature request linked below. Go vote if you have this issue!

Hi Brian,

indeed, this is (another AD-based) use case which SonarCloud does not cover well yet.

Identity management in the Microsoft world is really complex, and fortunately we have good contacts at Microsoft to help on this. The fact is: they are themselves currently doing a lot of developments to simplify all this, and hopefully we’ll be able to benefit from this in the near future to more easily and seamlessly support all of those various use cases.

In any case, thanks for the investigation and all the details!