When a user purchases a subscription for our Saas in Microsoft Appsource he needs to have a Microsoft work account. If the user does not have such an account Microsoft offers the possibility to create one.
However this account creates a user with one role: "Modern-Commerce user". When the user tries to sign in an error occurs: invalid_client: aadsts650051. It seems that the user cannot sign in because he has to grant access to the application but has no rights to do this. Furthermore its tenant is "unmanaged" so there is no administrator who can give this permission to the user.
Does anybody know how we can give a user with an unmanaged tenant and role "Modern-Commerce user" access to our landing-page and Saas?