A high level of collaboration is possible in Azure, even with guest users. B2B Collaboration enables guest users to access resources in a given Azure directory using their existing credentials. For example, external contractors, consultants, or partners may need access and with guest accounts in Azure, you can provide that for them. These accounts can be assigned AAD roles or Azure RBAC roles as usual. To invite guests you will need the Name, Email address, personal message, groups, and directory role.
Add A Guest User In Azure Portal
To get started navigate to the Azure portal and go to Azure Active Directory.
In the left menu look for Manage, then select Users.
On the top menu bar, select New guest user.
The Invite user option should already be selected for you.
Enter the name, email address, first name, last name, and a personal message for the guest you want to add.
When ready, click Invite at the bottom. An invitation is sent to the email address you provided for the guest user.
A helpful success notification lets you know the invitation to your guest was sent.
The recipient of the invite will see something like this in their email inbox.
When the guest user confirms the invitation, they will be taken to the Azure Portal and will be asked to create an Azure account if they do not already have one.
Add Guest User To DevOps Group
In the Azure AD organization overview page, in the left menu pane, under Manage, select Groups.
Search for the group you are interested in, in the list of groups. In our case, this is the DevOps group.
In the left menu pane, under Manage, select Members.
On the top menu bar, select Add members.
Search for the guest user that was just added to Azure. When the user is found, click Select.
The guest user is now part of your DevOps group in Azure!
Resend Invitations To Guest Users
It’s easy to resend an invitation email if needed. In the Azure AD organization under Manage, select Users.
Select the user you are interested in.
Under the Identity section, select the (manage) link.
Under Email invitations for Resend invite, click Yes.
A new message will be shown: “Are you sure you want to resend an invitation?” Clicking Yes will send the user a new email invitation for redeeming their guest account.
Select Done at the bottom and the resend should be complete.
How To Configure Guest User Access In Azure Active Directory B2B Summary
Azure Active Directory business-to-business (B2B) collaboration lets you involve External Identities to invite guest users to collaborate with your organization. By using this feature, you can securely share your company’s applications and services with guest users while maintaining control over your own data. In this tutorial, we saw how to initiate a guest invitation, as well as place a guest user into a specific group. B2B is a nice feature that makes it possible to work safely and securely with external partners even if they don’t have Azure AD themselves.