Azure Identity And Access Management Part 14 – Azure Active Directory – Business-to-Business (B2B) And Guest User 2 – Invitation And Redemption of Guest User

Hello Friends,
In our last article we discussed the overview of Business-to-Business (B2B) collaboration and Guest Users. Today we continue with Azure AD B2B and Guest Users and discuss how to invite a Guest User and how the Guest User redeems the invitation.
If you have missed our previous articles on Azure Identity And Access Management (IAM), please check them at the following links.
Part 1 – Azure Active Directory – Overview
Part 2 – Azure Active Directory – Enterprise Users
Part 3 – Azure Active Directory – Create Custom Directory Role & Assign Role using Power-Shell
Part 9 – Azure Active Directory – Self-Service Password Reset (SSPR)
Part 10 – Azure Active Directory – Identity Protection
Part 11 – Azure Active Directory – Privileged Identity Management (PIM)
Part 12 – Azure Active Directory – Privileged Identity Management (PIM) 2 – Create Access Review
Part 13 – Azure Active Directory – Business-to-Business (B2B) And Guest User 1 – Overview
Next Article: Part 15 – Azure Active Directory – Business-to-Business (B2B) And Guest User 3 – Email one-time passcode authentication
Invitation Of Guest User To Azure AD:
In one of our previous articles, Azure AD Enterprise Users, we discussed this briefly. A guest user can be added to our Azure Active Directory at the following 3 different levels. We can log in to the Azure Portal > Azure Active Directory and find all 3 options there, as shown in the following figure.

Directory Level
– Adding a user at the directory level only creates the guest object; an administrator still has to assign applications and grant access to resources afterwards. To invite a guest user here, as shown in the following figure, go to Users > All users and click the + New guest user link.


In the New User page, provide all required information before clicking the Invite button to send the invitation.
Application Level
– If a user is added at the application level, the user gets access to that application by default. To invite a guest user through an application, click Enterprise Applications > All applications > select the required application > click Users and groups in the Manage section, and then click + Add user on the application page, as shown in the following figure.

If the guest user already exists in the directory, search for the B2B user, select the user, click Select, and then click Assign to add the user to the app. If the guest user does not yet exist in the directory, under Select member or invite an external user, type the user’s email address, enter a personal message in the message box, and click the Invite button, as shown in the following figure.

Group Level
– If the user is added at the group level, the user receives every access the group has, and any authorization applied to the group, such as Conditional Access policies, applies to the user as well. To invite a guest user at the group level, go to Groups in the Manage section > select the required group > Members > click the + Add members button. Then, just as at the application level, search for the user; if the user does not exist, send an invitation by clicking the Invite button.

The user has not yet redeemed the invitation, so the Source property of the user is still Invited User, as shown in the following figure.
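The same invitation and group-level steps can be scripted. The following is an added example using the Microsoft Graph PowerShell SDK; it is not code from the original article, and the e-mail address, group name and redirect URL are placeholders. It also reads the externalUserState property, which is what the portal shows as Source = Invited User before redemption.

```powershell
# Added example (not from the original article): invite a guest with the
# Microsoft Graph PowerShell SDK, add the guest to a group, and read the
# externalUserState that the portal shows as Source = "Invited User".
# Assumed values: the e-mail address, group name and redirect URL are placeholders.
Connect-MgGraph -Scopes "User.Invite.All", "User.ReadWrite.All", "Group.Read.All", "GroupMember.ReadWrite.All"

$guestEmail  = "partner.user@example.com"        # placeholder address
$groupName   = "Partner-Project-Readers"         # placeholder group display name
$redirectUrl = "https://myapps.microsoft.com"    # where the guest lands after redeeming

# Directory level: create the invitation. SendInvitationMessage makes Azure AD
# send the e-mail that carries the Accept invitation link.
$invitation = New-MgInvitation `
    -InvitedUserEmailAddress $guestEmail `
    -InviteRedirectUrl $redirectUrl `
    -SendInvitationMessage:$true `
    -InvitedUserMessageInfo @{ CustomizedMessageBody = "Welcome to our project tenant." }

$guestId = $invitation.InvitedUser.Id
Write-Host "Invitation status: $($invitation.Status)"   # PendingAcceptance until redeemed

# Group level: membership is what grants the guest the group's access and puts
# the guest in scope of Conditional Access policies that target the group.
$group = Get-MgGroup -Filter "displayName eq '$groupName'"
if (-not $group) { throw "Group '$groupName' not found." }
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $guestId

# Check the guest object. Before redemption externalUserState is PendingAcceptance
# (portal Source = "Invited User"); after redemption it becomes Accepted.
Get-MgUser -UserId $guestId -Property "displayName,mail,userType,externalUserState" |
    Select-Object DisplayName, Mail, UserType, ExternalUserState
```

Re-running the last Get-MgUser call after the guest has clicked Accept invitation is a quick way to confirm redemption without opening the portal.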

Invitation Redemption Of Guest User:
When we send an invitation email to the guest, the invitation includes a link the guest can redeem to get access to our applications or the Azure portal, as shown in the following figure.

As shown in the above figure, we need to click the Accept Invitation button to redeem the invitation. But, as we see in the following figure, the redemption failed.

Microsoft Invitation Acceptance Portal:
We saw in the above figure that the invitation redemption failed. Let’s check what the reason might be. As most of us know, there is a Microsoft application, the Microsoft Invitation Acceptance Portal, that handles all invitation redemptions in the background. Let’s check whether all of its configuration is in place. To check that, go to
Enterprise applications > All applications and search for Microsoft Invitation Acceptance Portal.

Then go into the properties of the application, as in the following figure, and check whether ‘Enabled for users to sign-in?’ is set to ‘Yes’.

Figure 11 – Azure Identity and Access Management -IAM-Azure Active Directory – Microsoft Invitation Acceptance Portal -Enable for user Sign-in
As we can see in the above figure, the required property is set to ‘No’. To fulfill our requirement we need to set it to ‘Yes’, as in the following figure.

Figure 12 – Azure Identity and Access Management -IAM-Azure Active Directory – Microsoft Invitation Acceptance Portal 2
Now all configuration is in place, so let’s try to redeem the invitation one more time by clicking the Accept Invitation button in our invitation mail.

As we see in the above figure, the user must accept the use of their information in accordance with the inviting organization’s privacy policies to continue. If terms of use are configured, the guest opens and reviews the terms of use, and then selects Accept to complete the redemption.

As we can see in the above figure, after the user successfully redeems the invitation, the Source property of the user changes from Invited User to External Azure Active Directory, but the User type is still Guest.
I hope this article helps you configure Azure AD to invite Guest Users. As the scope of this topic is very large, we will come back with a few more articles on specific features of B2B collaboration.
As I am still exploring Azure Identity and Access Management (IAM), please let me know if I missed anything important or if my understanding is not up to the mark.
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
Thanks for reading 🙂