Azure Active Directory business-to-business (B2B) collaboration is a capability of Azure AD that simplifies provisioning non-corporate users (people who have no account of any form in the organizational Azure Active Directory, neither a cloud-native Azure AD identity nor a hybrid identity) so that they can access organizational resources, applications and data. It lets you collaborate with people beyond your organization, such as partners, vendors, freelancers and government agencies. These external people do not need to meet any specific identity requirements. To keep it simple, I am calling every non-corporate user a partner of your organization in this blogpost.
Your partner can have an Azure AD tenant, a hybrid identity or no corporate identity at all, with or without an IT organization. Using this capability, an organization with Azure AD can give any partner access to organizational resources, applications and data. This access can be provided at three different levels, i.e. tenant level, application level and user level. Organizations can also leverage the Azure AD B2B APIs to write applications that connect two organizations in a simpler and more secure manner, so that users can take advantage of collaboration without any identity chaos.
Azure AD provides the following set of capabilities:
| Work with any user from any partner | Simple and secure collaboration | No management overhead |
| --- | --- | --- |
| Partners use their own credentials | Provide access to any corporate app or data, while applying sophisticated, Azure AD-powered authorization policies | No external account or password management |
| No requirement for partners to use Azure AD | Easy for users | No sync or manual account lifecycle management |
| No external directories or complex set-up required | Enterprise-grade security for apps and data | No external administrative overhead |

Courtesy: Microsoft
Let me show you how to do it.
Log in to the Azure Active Directory portal and go to “Users”.
To invite a new non-corporate user, select “+New guest user”.
Enter the email address of the user, optionally add a personal message, and then click on “Invite”.
The user will receive an invite from the organization in his email account.
The user has to open the email message and select “Get Started” to configure his account.
Once the user selects “Get Started” in the email message, he/she will be redirected to the organizational login page. Here, select “Next” to continue.
Create your password to access the organizational resources, applications and data, and then click on Next.
You will receive a code at your email address; enter the received code here and click on Next.
Enter the captcha to verify your authenticity and click on Next.
If your host organization has a conditional access policy such as MFA, you will be redirected to the corresponding page.
Once you are done with all the prerequisites, you will be redirected to the Access panel of applications.
Now, as a host, you can assign the guest users access to your organizational applications.
Once the guest user has access to an application, he/she can open it from the access panel.
However, you can also go directly to the enterprise applications and invite a user from there. To invite a new guest, select “+Invite”.
Enter the email address of the guest and a personal message.
Once you invite a new guest user directly from the application, he/she has to follow the same steps that we followed earlier in this blogpost.
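The invite step shown above (email address plus personal message) can also be issued through the Microsoft Graph invitations endpoint. The sketch below is an added example, not code from the original post or from Microsoft: the partner-domain allowlist, its sample domains and the function names are assumptions, and it checks each address against that allowlist before any guest account is created.

```python
import json
import urllib.request

GRAPH_INVITATIONS_URL = "https://graph.microsoft.com/v1.0/invitations"

# Assumption: partner domains your organization has approved (constructed values).
ALLOWED_PARTNER_DOMAINS = {"partner.example", "vendor.example"}


def build_invitation(email, message, redirect_url, allowed=ALLOWED_PARTNER_DOMAINS):
    """Return the JSON body for one guest invitation, or raise ValueError."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    if domain.lower() not in allowed:
        raise ValueError(f"domain not on partner allowlist: {domain}")
    if not redirect_url.lower().startswith("https://"):
        raise ValueError("inviteRedirectUrl must be https")
    return {
        "invitedUserEmailAddress": f"{local}@{domain.lower()}",
        "inviteRedirectUrl": redirect_url,  # where the guest lands after redemption
        "sendInvitationMessage": True,      # Azure AD sends the invite email
        "invitedUserMessageInfo": {"customizedMessageBody": message},
    }


def plan_invitations(emails, message, redirect_url):
    """Split a batch into bodies to send and (email, reason) rejections."""
    accepted, rejected = [], []
    for email in emails:
        try:
            accepted.append(build_invitation(email, message, redirect_url))
        except ValueError as exc:
            rejected.append((email, str(exc)))
    return accepted, rejected


def send_invitation(body, access_token):
    """POST one invitation; access_token is a Graph token obtained separately
    (the caller needs the User.Invite.All permission)."""
    req = urllib.request.Request(
        GRAPH_INVITATIONS_URL,
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)  # response carries "status" and "inviteRedeemUrl"
```

Review the rejected list before sending anything; an address that fails the allowlist is a prompt to confirm the partner relationship, not to widen the list on the spot.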