How to configure Azure AD SSO for Customer tenants.

When configuring Azure AD as the Single Sign On option (Setup -> Admin -> Single Sign On -> Azure AD) ( https://docs.vmware.com/en/VMware-Aria-Cost/SaaS/using-and-managing-vmware-aria-cost/GUID-managing-sso.html#enable-azure-active-directory-sso-25) for your Customers tenant please ensure you do so through a User account using the customers domain.

The Setup -> Admin -> Azure AD option when selected will claim the domain of the user currently activating SSO, so if done so from a Partner User the Partner's domain will be claimed and block sign in to the Partner tenant.

E.g.

• Partner: [email protected]
• Customer: [email protected]

If [email protected] switched into the Customer tenant and ran through the SSO process, the partner domain would be claimed under the Customer tenant. If [email protected]  signed in and ran through the SSO process, that customer domain would be claimed. 

Note: This only applies for the Setup -> Admin -> Single Sign On -> Azure AD option, the SAML option will allow the domain to be claimed to be specified. Azure AD SSO can be configured via the SAML option by following - https://support.cloudhealthtech.com/hc/en-us/articles/360053181471-Is-there-a-step-by-step-process-for-SSO-Azure-AD-SAML-Registration-