How To Configure Guest User Access In Azure Active Directory B2B

How To Configure Guest User Access In Azure Active Directory B2B

A high level of collaboration is possible in Azure, even with guest users. B2B Collaboration enables guest users to access resources in a given Azure directory using their existing credentials. For example, external contractors, consultants, or partners may need access and with guest accounts in Azure, you can provide that for them. These accounts can be assigned AAD roles or Azure RBAC roles as usual. To invite guests you will need the Name, Email address, personal message, groups, and directory role.


Add A Guest User In Azure Portal

To get started navigate to the Azure portal and go to Azure Active Directory.

In the left menu look for Manage, then select Users.

On the top menu bar, select New guest user.

azure ad new guest user


The Invite user option should already be selected for you.

Enter the name, email address, first name, last name, and a personal message for the guest you want to add.

When ready, click Invite at the bottom. An invitation is sent to the email address you provided for the guest user.

azure ad invite a new guest user


A helpful success notification lets you know the invitation to your guest was sent.

azure sucessfulley invited user


The recipient of the invite will see something like this in their email inbox.

the email a guest user receives for invite to azure ad

When the guest user confirms the invitation, they will be taken to the Azure Portal and will be asked to create an Azure account if they do not already have one.


Add Guest User To DevOps Group

In the Azure AD organization overview page, in the left menu pane, under Manage, select Groups.

Search for the group you are interested in, in the list of groups. In our case, this is the DevOps group.

In the left menu pane, under Manage, select Members.

On the top menu bar, select Add members.

add user to devops group azure


Search for the guest user that was just added to Azure. When the user is found, click Select.

select user in add members pane


The guest user is now part of your DevOps group in Azure!

guest user now in azure ad group

Resend Invitations To Guest Users

It’s easy to resend an invitation email if needed. In the Azure AD organization under Manage, select Users.

Select the user you are interested in.


Under the Identity section, select the (manage) link.

manage link


Under Email invitations for Resend invite, click Yes.

azure manage invitations resend invite


A new message will be shown: “Are you sure you want to resend an invitation?”  Clicking Yes will send the user a new email invitation for redeeming their guest account.

 

are you sure you want to resend an invitation yes

Select Done at the bottom and the resend should be complete.

How To Configure Guest User Access In Azure Active Directory B2B Summary

Azure Active Directory business-to-business (B2B) collaboration lets you involve External Identities to invite guest users to collaborate with your organization. By using this feature, you can securely share your company’s applications and services with guest users while maintaining control over your own data. In this tutorial, we saw how to initiate a guest invitation, as well as place a guest user into a specific group. B2B is a nice feature that makes it possible to work safely and securely with external partners even if they don’t have Azure AD themselves.