Add Azure AD Guests to RedCap
After setting up RedCap in Azure in a previous post, I got a request to add an external person to my RedCap installation. I wanted to document what I did to make it easier for others.
To make user management easier, I created an Assigned Security Group in Azure AD titled “RedCap Users”. I then added the Group assignment to the RedCap app in Azure AD at Enterprise applications > RedCap > Users and groups > Add user/group:
After I assigned the Group to the app, I invited my external Gmail account to the Azure AD tenant at Users > New user > Invite external user:
I added my user information, then added the account to the RedCap users group:
After I added the account, I needed to change a setting in Azure AD to allow external Microsoft accounts to access RedCap. To do this, I needed to change the App Registration Manifest, found in Azure AD > App registrations > RedCap > Manifest.
I changed two values from their defaults:
"accessTokenAcceptedVersion": null,
↪"accessTokenAcceptedVersion": 2,
"signInAudience": "AzureADMyOrg",
↪"signInAudience": "AzureADandPersonalMicrosoftAccount",
After making these changes, I checked my email and completed the invitation to the Azure AD tenant:
After going through the signup process, I see the App listed in the My Apps page for my Guest account:
After clicking through, I was able to set up my RedCap account and was authorized to log in:
My RedCap user account shows up as my email at tdannecy_gmail.com#ext#@DOMAIN.onmicrosoft.com, indicating that I am a Guest/External account in the tenant:
When I log in as a RedCap administrator, I can see my Guest account has been added to the Browse Users list:
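As an added example (not part of the original post), here is a small Python review helper for the two things this walkthrough touches: it checks the two manifest properties that were changed, flagging that a widened signInAudience relies on app assignment (the RedCap Users group) to limit who gets in and that the Microsoft identity platform requires accessTokenAcceptedVersion 2 whenever personal Microsoft accounts are accepted, and it decodes guest UPNs of the form shown above back to the external e-mail so an admin can see which RedCap users are guests. The manifest excerpts and user list are constructed from the values in the post; the function names are my own.

```python
import json
import re
from typing import Dict, List, Optional

# Manifest excerpts constructed from the two values the post changes (before and after).
MANIFEST_BEFORE = json.loads(
    '{"accessTokenAcceptedVersion": null, "signInAudience": "AzureADMyOrg"}')
MANIFEST_AFTER = json.loads(
    '{"accessTokenAcceptedVersion": 2, "signInAudience": "AzureADandPersonalMicrosoftAccount"}')

# signInAudience values that admit identities from outside the home tenant.
EXTERNAL_AUDIENCES = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount",
                      "PersonalMicrosoftAccount"}


def check_manifest(manifest: Dict) -> List[str]:
    """Return review findings for the signInAudience / accessTokenAcceptedVersion pair."""
    findings = []
    audience = manifest.get("signInAudience", "AzureADMyOrg")
    version = manifest.get("accessTokenAcceptedVersion")  # null means v1 tokens
    if audience in EXTERNAL_AUDIENCES:
        findings.append(f"signInAudience={audience}: identities outside the home tenant can "
                        "sign in; access is limited only by app assignment (the RedCap Users group)")
    # The identity platform requires v2 tokens when personal Microsoft accounts are accepted,
    # which is why both values in the post had to change together.
    if audience == "AzureADandPersonalMicrosoftAccount" and version != 2:
        findings.append("accessTokenAcceptedVersion must be 2 for AzureADandPersonalMicrosoftAccount")
    return findings


# Guest UPNs look like  local_part_externaldomain#EXT#@tenant.onmicrosoft.com ;
# the last underscore before #EXT# separates the original local part from its domain.
GUEST_UPN = re.compile(r"^(?P<local>.+)_(?P<domain>[^_#]+)#EXT#@(?P<tenant>.+)$", re.IGNORECASE)


def guest_email(upn: str) -> Optional[str]:
    """Recover the external e-mail from a guest UPN; None for a member (non-guest) account."""
    m = GUEST_UPN.match(upn)
    return f"{m.group('local')}@{m.group('domain')}" if m else None


def guests_in(user_upns: List[str]) -> Dict[str, str]:
    """Map each guest UPN in a user list to the external address it represents."""
    return {upn: email for upn in user_upns if (email := guest_email(upn)) is not None}


# Constructed user list: one member, one guest shaped like the account in the post.
SAMPLE_USERS = ["admin@DOMAIN.onmicrosoft.com",
                "tdannecy_gmail.com#ext#@DOMAIN.onmicrosoft.com"]
```

Running `check_manifest(MANIFEST_AFTER)` yields the single assignment reminder, while a manifest that widened the audience without bumping the token version yields both findings.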
I hope this was helpful to others. It took me a bit to find the attribute I needed to change in the Manifest to get it working.