Besides the regular B2C login method, there is an alternative way of logging in ("B2B"). It involves using your own organisation's Microsoft account  to login to the WMDA Portal, Search & Match, SPEAR and future other services. Instead of having a separate password for WMDA services, you keep using the password from your own organisation. Your own Microsoft account is "invited" into our environment as a guest. There is just another layer of MFA that is enforced on the WMDA side in order to help secure the applications. 

This change of login method needs to be made at the organisation level. That means that all users from the same organisation must use the same login method and that if you would like to move to the "invite" model of logging in, all users from your organisation must do that. 

During the transition, there will be a moment where you won't be able to login using the standard method and are not yet able to login using the "invite" model. This is usually for a maximum of an hour. 

If you would like to make use of this method and the other users from your organisation agree, then please let us know at 

After the change has been made in our systems the following will happen: 

You will receive an invite that looks like this: 

Please click on "Accept invitation" and login to your organisation's Microsoft account if necessary. You will then see the following screen: 

Click "Accept" 

You will then see the following: 

Click "Next" 

Now you can set up MFA in the same way as described in the MFA user guide

Updated login procedure

After you have accepted the invite and have successfully setup MFA, you are now able to login. The following is different compared to logging in using the normal method: 

Information for IT admins at your organisation

When your organisation uses Microsoft365/Office365 then the Microsoft tenant responsible for WMDA application user authentication (c3ab1869-1472-4577-b669-0d64c732e75c) can invite your users into its tenant. Your organisation's Entra ID may need to allow this connection to work. If permitted AND accepted by the user, your user will be a "guest" in the WMDA tenant and its identity is indicated as from an ExternalAzureAD. 

For more information see Microsoft's documentation here:

  • No labels