#AzureAD : B2B Collaboration

Azure Active Directory business-to-business (B2B) collaboration is a capability of Azure AD that simplifies the provisioning of non-corporate users (who don’t have accounts in organizational Azure Active Directory in any form, neither using cloud native Azure AD identity nor with hybrid identity) to provide access on organizational resources, applications and data. It enables collaborative capabilities to work with people beyond your organizations such as partners, vendors, freelancers, government agencies etc. There is no mandate for these external people to have any kind of specific identity requirements. To make it simple, I am calling every non-corporate user as a partner of your organization in this blogpost.

Your partner can have Azure AD tenant, Hybrid identity or with no corporate identity, or even with or without an IT organization. Using this capability, Organization with Azure AD can provide access to the organizational resources, application and data to any partner. This Access can be provided on three different levels, i.e. tenant level, application level and user level. Organizations can also leverage the Azure AD B2B APIs to write applications that can connect two organizations in a simpler and secure manner so that the users can take the advantage of collaboration without any identity chaos.

Azure AD provides the following set of capabilities:

Work with any user from any partner Simple and secure collaboration No management overhead

Partners use their own credentials

Provide access to any corporate app or data, while applying sophisticated, Azure AD-powered authorization policies

No external account or password management

No requirement for partners to use Azure AD

Easy for users

No sync or manual account lifecycle management

No external directories or complex set-up required

Enterprise-grade security for apps and data

No external administrative overhead

Courtesy: Microsoft

Let me show you how to do it.

Login to the Azure Active Directory Portal and go to the “Users”.

To invite a new non-corporate users, select “+New guest user”.

Enter the email address of the user and you can also add the personal message and then click on “Invite”.

User will receive a invite from the organization on his email account.

User has to open the email message and select “Get Started” to configure his account.

Once user select “Get Started” in the email message, he/she will be redirected to the organizational login page. Here select “Next” to continue.

Create your password to access the organizational resources, applications and data, and then click on Next.

You will receive a code on your email address, enter the received code here and click on Next.

Enter the captcha to verify your authenticity and click on Next.

You will be redirected to the page if your host organization has conditional access policy such as MFA.

Once, you are done with all the pre-requisite. You will be redirected Access panel of applications.

Now, as a host you can assign access to the guest users on your organizational applications.

Once, guest user will have access on application. He/She can access application from the access panel.

However, you can directly go to the enterprise applications and invite user from their itself. To invite a new guest, select “+Invite”

Enter the email address of guest and personal message.

Once, you will invite new guest user directly from the application then he/she has to follow the same method that we had followed earlier in this blogpost.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s