How can I add Connected Organizations programatically, with Microsoft Entra ID as Authentication type?

Question

How can I add Connected Organizations programatically, with Microsoft Entra ID as Authentication type?

Philip Nerem 0

Hi,

When adding connected organizations using Powershell, Microsoft graph, or any other scripting language, the connected organization is added with auth type: OTP/Microsoft account.

When adding the connected org using Entra portal, the org is correctly added as a Microsoft Entra ID tenant.

Is there any way to add the org as a Microsoft Entra ID tenant programatically?

Note that the external tenant ID is not known to us when adding organizations, as there are no existing users from those organizations as Guest users.

Philip Nerem 0 Reputation points

2025-04-23T12:45:36.08+00:00

Thank you for the fast response on this.

I think I can conclude with the fact that there is no way to add Microsoft Entra ID auth type programatically?

I am working with partner companies across the globe, and 99% use Entra ID. That is why I would like to add the organizations (domains) directly with the correct auth type. Adding the organizations with OTP/MS account will most likely lead to problems when users are applying for access packages.

The reason I want to add Entra ID auth type programatically, is that I have a self-service portal, where users can request new domains to be added, and IT admins can approve the request in a pipeline. ClickOps is not the preferred way of doing that when the process of adding organizations happens on a regular basis.
Harshitha Eligeti 2,755 Reputation points Microsoft External Staff

2025-04-23T15:29:00.7666667+00:00

Hello @Philip Nerem
Yes, there is no way to add Microsoft Entra ID auth type programatically. If you want to add the connected organization programmatically you can add using Microsoft graph and PowerShell, but you cannot add auth type programmatically.
Do let us know if you have any queries. We are happy to assist further.
Harshitha Eligeti 2,755 Reputation points Microsoft External Staff

2025-04-24T10:08:15.6+00:00

Hello @Philip Nerem
Following up to see if the suggestion was helpful. And, if you have any further query do let us know.
Harshitha Eligeti 2,755 Reputation points Microsoft External Staff

2025-04-25T09:36:39.4266667+00:00

Hello @Philip Nerem Following up to see if the suggestion was helpful. And, if you have any further query do let us know.

1 answer

Your answer

Philip Nerem 0 Reputation points

2025-04-23T12:45:36.08+00:00

Thank you for the fast response on this.

I think I can conclude with the fact that there is no way to add Microsoft Entra ID auth type programatically?

I am working with partner companies across the globe, and 99% use Entra ID. That is why I would like to add the organizations (domains) directly with the correct auth type. Adding the organizations with OTP/MS account will most likely lead to problems when users are applying for access packages.

The reason I want to add Entra ID auth type programatically, is that I have a self-service portal, where users can request new domains to be added, and IT admins can approve the request in a pipeline. ClickOps is not the preferred way of doing that when the process of adding organizations happens on a regular basis.
Harshitha Eligeti 2,755 Reputation points Microsoft External Staff

2025-04-23T15:29:00.7666667+00:00

Hello @Philip Nerem
Yes, there is no way to add Microsoft Entra ID auth type programatically. If you want to add the connected organization programmatically you can add using Microsoft graph and PowerShell, but you cannot add auth type programmatically.
Do let us know if you have any queries. We are happy to assist further.
Harshitha Eligeti 2,755 Reputation points Microsoft External Staff

2025-04-24T10:08:15.6+00:00

Hello @Philip Nerem
Following up to see if the suggestion was helpful. And, if you have any further query do let us know.
Harshitha Eligeti 2,755 Reputation points Microsoft External Staff

2025-04-25T09:36:39.4266667+00:00

Hello @Philip Nerem Following up to see if the suggestion was helpful. And, if you have any further query do let us know.

Answer 1

Hello @Philip Nerem

I Understand when adding connected organizations using PowerShell, Microsoft graph, or any other scripting language, the connected organization is added with auth type: OTP/Microsoft account. But when adding the connected org using Entra Portal the org is correctly added as a Microsoft Entra id.

Microsoft Entra directory or domain authenticate depends on the authentication type. The authentication types for connected organizations are:

Microsoft Entra ID, in the same cloud
Microsoft Entra ID, in another cloud
SAML/WS-Fed identity provider (IdP) federation
One-time passcode
Microsoft Account

Even though if you are adding the connected organization using Entra portal, confirm that the organization name(s) and authentication type(s) are correct. Users sign in, prior to being able to access the MyAccess portal, depends on the authentication type for their organization. If the authentication type for a connected organization is Microsoft Entra ID, all users with an account in that organization's directory, with any verified domain of that Microsoft Entra directory, will sign into their directory, and then can request access to access packages that allow that connected organization.

If the authentication type is One-time passcode, this allows users with email addresses from just that domain to visit the MyAccess portal. After they authenticate with the passcode, the user can make a request.
User's image

If you want to add the connected organization programmatically you can add using Microsoft graph and PowerShell. reference: https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-organization#managing-a-connected-organization-programmatically

For additional information you can follow: https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-organization#what-is-a-connected-organization

Do let us know if you have any queries.we are happy to assist further.

Share via

How can I add Connected Organizations programatically, with Microsoft Entra ID as Authentication type?

1 answer

Your answer