Having issues with multitenant collaboration onboarding to the member tenant.

Question

Not sure if you can assist with this matter. I am setting up a multitenant collaboration resource for our organization and have run into an issue. After onboarding 15 user into the member tenant portal I am receiving error messages that the onboarding is out of scope.

 

Attribute name                                                                              Attribute value

SkipReason                                                                                      NotInScope

IsActive                                                                                            False

Assigned to the application                                                         False

IsInProvisioningScope                                                                     True

Filter external users.alternativeSecurityIds EQUALS 'None'            False

 

 

Which is incorrect. This person is:

 

IsActive                       True

Assigned to the Application       True

Filters external users            True

 

This user and 23 others will not merge with the other tenant. If someone knows how the setup should be configured to circumvent this issue, I would appreciate the help. 

Answer 1

Hi @Darrell Bundy
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue: Having issues with multitenant collaboration onboarding to the member tenant.

Solution: Resolved by @Darrell Bundy
"In Microsoft each of the users affected had (Ready for SMS sign-in), which showed in Users Identities as "phone" instead of "Domain.onmicrosoft.com" active in Authentication Methods. Once you disabled this option each of the users that were out of scope synced correctly".

If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Thanks,

B. Siri Chandana.

Answer 2

Hi @Darrell Bundy

Thank you for posting your issue on Microsoft Q&A.

I understand that you are setting up a multitenant collaboration resource for your organization and running into an issue receiving error message that the onboarding is out of scope.

By default, when provisioning scope is reduced while a synchronization job is running, users fall out of scope and are soft deleted, unless Target Object Actions for Delete is disabled. For more information, see Deprovisioning and Define who is in scope for provisioning.

Currently, SkipOutOfScopeDeletions works for application provisioning jobs, but not for cross-tenant synchronization. To avoid soft deletion of users taken out of scope of cross-tenant synchronization, set Target Object Actions for Delete to disabled.

Follow the document to set up configuration with the other tenant: https://learn.microsoft.com/en-us/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-configure#step-8-optional-define-who-is-in-scope-for-provisioning-with-scoping-filters

Hope this helps. Do let us know if you have any further queries.

If this answers your query, do click `Accept Answer` and `Yes`.

Thanks,

B. Siri Chandana.

Answer 3

"In Microsoft each of the users affected had (Ready for SMS sign-in), which showed in Users Identities as "phone" instead of "Domain.onmicrosoft.com" active in Authentication Methods. Once you disabled this option each of the users that were out of scope synced correctly".