Lately, we are dealing with a login problem of external users. Error is classic : “You are not authorized to login with your current credentials. You will be redirected to the login page in a few seconds.”
First, e-mail address field on user setting is not actually an e-mail address. It is UPN, user principal name.
Similarly in Azure Active directory e-mail address is not actually an e-mail address. it is again UPN. Don’t forget to update provider.
Most organisations are using UPN and e-mail address same. But what if not?
Scenario 1.
user email is name.surname@abc.com
upn is u-surname@abc.com
Solution : you have to put in UPN in e-mail address in D365 user setting. Dint forget to set provider. it is like https://sts.windows.net/abc.com
Scenario 2.
You setup user with UPN but still having error.
Solution: check AAD users (azure portal> azure active directory>users) having users e-mail address name.surname@abc.com
if this is a guest account then move it to alternate e-mail address
if this is AD account then leave e-mail address blank.
This happens when you invite external user to your resource like sharepoint or onedrive. AAD automatically creates this guest account and puts in e-mail address to the e-mail address field. it looks like pretty straight forward right. its not.
You are welcome!
Microsoft, please stop playing with terminology and naming!