IM Connector for Azure and User Type Guest
search cancel

IM Connector for Azure and User Type Guest


Article ID: 231934


Updated On:


CA Identity Manager CA Identity Suite


The Symantec IGA (CA Identity manager) Azure REST Connector supports two user types "Guest" and "Member"  (refer to the product documentation for more information - Link below) 

The documentation states, to create a guest user, configure an account template and fill the "User Type" field with the word "Guest", however, this does not work as expected.

IM appears to create an external "Guest" user which authenticates outside of the Tenant domain ( To change this to authenticate inside the Tenant domain ( requires an invitation to be sent to the participant.


This is documented by Microsoft as follows: If you want to create an azure type guest, you should use this HTTP Post to Azure:

       and fill the invitedUserEmailAddress field with the '[email protected]' email address of the invited user.

 But the actual Azure connector is doing is this:

 and filling the UserType field with "Guest".

What is the expected functionality of the Azure connector in IM?


Release : 14.x

Component : IdentityMinder(Identity Manager)


Currently, the Azure REST connector does not fully support the Guest user type (the invitation operation is not supported). This feature will be implemented in a feature release of Symantec IGA (CA Identity Manager).