In today's connected world, collaboration is the means to an end. Often, we've come across situations where we, as an organization, have had to collaborate with our business partners to achieve a common goal. In the process, we learn more about our mutual competencies and strengths, and have the opportunity to tap into the skills of our partners to create a unique space for us in the business world.
Though collaboration is essential, it also comes with its own hassles. For starters, we don't know how much to trust the other party, especially if we're collaborating with a new partner. In such a case, we're never sure how much access we should allow them to our resources.
How will they use them? Will it have an adverse impact on our business? These, and a million other questions, are sure to run through our minds.
Azure AD B2B may be the solution to all our worries about sharing resources in a collaborative environment.
What is Azure AD B2B?
Azure Active Directory Business-to-Business is a solution from Microsoft that allows you to work closely with your business partners. With this service, you can give your partners access to your documents, resources, and applications, and yet, maintain complete control.
It works well for organizations of all sizes, regardless of their operations and statutory requirements. In fact, with Azure AD B2B, you can work easily and securely with partners and collaborators located around the world, and in the process, improve your cross-company relationships as well.
Azure AD B2B's API is also the perfect tool for developers who want to write secure applications using the shared resources of two or more organizations.
How Azure AD B2B works
Azure AD B2B enables you to add users from another organization to your application, and set their access rights.
To do that, start by logging into your account using the Azure portal, PowerShell, or access panel. After you log in, go to the User Creation panel, click on the dropdown box called "Type of User," and select "Users in partner companies." Next, invite users from other organizations to access specific apps by uploading their email IDs to the Azure AD B2B portal through a .csv file. Remember to close the .csv file before uploading it to the system.
Every record in the file should have the partner email ID, display name, Invite AppID (the app ID for which you'll be granting access), InviteReplyURL, InviteAppResources (ID of resources that you'll be sharing with the partner), InviteGroupResources (again, group resource ID), and InviteContactsURL.
If you're not sure about the app ID, go to PowerShell and type the following code.
Get-MsolServicePrincipal | fl DisplayName, AppPrincipalId
This should bring up the list of all available applications, including their App IDs.
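The following PowerShell script is an added example, not code from the original article or from Microsoft: it builds the invitation .csv with the fields listed above and checks it against the limits the article describes (at most 2,000 records, no consumer email domains) before you upload it. The column header spellings, the placeholder app ID, URLs and partner addresses, and the `Get-B2BAppId`, `Test-B2BInviteList` and `New-B2BInviteCsv` function names are assumptions; `Get-MsolServicePrincipal` and its `AppPrincipalId` property are the real MSOnline cmdlet and property the article uses.

```powershell
# Added example (not from the original article): build and sanity-check the
# Azure AD B2B invitation CSV before uploading it to the portal.
# Column names follow the fields the article lists; confirm the exact header
# spelling against the portal's template before relying on it.
# The AppID lookup needs the MSOnline module and a prior Connect-MsolService.

function Get-B2BAppId {
    # Resolve an application's AppPrincipalId by display name, the same lookup
    # the article performs with Get-MsolServicePrincipal.
    param([Parameter(Mandatory)][string]$DisplayName)
    $sp = Get-MsolServicePrincipal | Where-Object { $_.DisplayName -eq $DisplayName }
    if (-not $sp) { throw "No service principal named '$DisplayName'" }
    return $sp.AppPrincipalId
}

function Test-B2BInviteList {
    # Enforce the limits the article describes: at most 2,000 records and no
    # consumer email domains (the portal rejects them). Returns the rejected rows.
    param(
        [Parameter(Mandatory)][object[]]$Records,
        # Domains named in the article; extend the list for your own policy.
        [string[]]$BlockedDomains = @('gmail.com', 'yahoo.com', 'comcast.net')
    )
    if ($Records.Count -gt 2000) {
        throw "CSV may contain at most 2,000 records; got $($Records.Count)"
    }
    $rejected = @()
    foreach ($r in $Records) {
        # Syntactic check only; the domain is compared case-insensitively.
        if ($r.Email -notmatch '^[^@\s]+@([^@\s]+)$') {
            $rejected += [pscustomobject]@{ Email = $r.Email; Reason = 'malformed address' }
            continue
        }
        $domain = $Matches[1].ToLowerInvariant()
        if ($BlockedDomains -contains $domain) {
            $rejected += [pscustomobject]@{ Email = $r.Email; Reason = "consumer domain $domain" }
        }
    }
    return $rejected
}

function New-B2BInviteCsv {
    # Validate, then write the CSV in the column order the article lists.
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [Parameter(Mandatory)][string]$Path
    )
    $rejected = Test-B2BInviteList -Records $Records
    if ($rejected) {
        Write-Warning ($rejected | Format-Table -AutoSize | Out-String)
        throw 'Fix the rejected rows before uploading'
    }
    $Records |
        Select-Object Email, DisplayName, InviteAppID, InviteReplyUrl,
                      InviteAppResources, InviteGroupResources, InviteContactsURL |
        Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    # As the article notes, close the file before uploading it to the portal.
}

# --- constructed sample input (placeholder tenant, app ID and addresses) ---
$appId = '00000000-0000-0000-0000-000000000000'   # e.g. Get-B2BAppId -DisplayName 'Your App'
$partners = @(
    [pscustomobject]@{ Email = 'alice@partner.example';    DisplayName = 'Alice Partner' },
    [pscustomobject]@{ Email = 'bob@contractor.example';   DisplayName = 'Bob Contractor' },
    [pscustomobject]@{ Email = 'carol@gmail.com';          DisplayName = 'Carol (consumer address)' }
)
$records = $partners | ForEach-Object {
    [pscustomobject]@{
        Email                = $_.Email
        DisplayName          = $_.DisplayName
        InviteAppID          = $appId
        InviteReplyUrl       = 'https://intranet.example/b2b-landing'   # placeholder
        InviteAppResources   = $appId                                   # resource IDs you share; placeholder
        InviteGroupResources = ''                                       # optional group resource IDs
        InviteContactsURL    = 'https://intranet.example/help'          # placeholder
    }
}

# Dry run: the sample deliberately contains one consumer address, so this
# reports it instead of silently producing a file the portal would reject.
Test-B2BInviteList -Records $records
# New-B2BInviteCsv -Records $records -Path .\b2b-invites.csv   # run once the list is clean
```

Run the dry-run validation first and only export once `Test-B2BInviteList` returns nothing; keeping the domain blocklist and the record cap in one place means the file you upload already satisfies the portal's constraints, and the rejected rows give you an audit trail of who was left out and why.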
Once you upload the file, external users will get an email with a link to the invite. When users click on the link, they are prompted to sign in to the access panel. However, the invited users have to sign in to an existing work account in Azure AD. If they don't have an existing account, they will be prompted to create a new ID in Azure AD.
Once the users sign in, they will be redirected to the app that was shared with them.
Also, Azure automatically updates the account information using the email token. This way, you'll have a complete profile of the person who is accessing your resources.
Now, this new user becomes another entity who can access your system, and you can manage this user like the others in your system.
Advantages of using Azure AD B2B
Azure AD B2B is a simple and convenient way to share your resources with partners and collaborators. Here's what you stand to gain with this service:
- Since your business partners sign into your system with their own sign-in credentials, you don't have to manage a separate external directory or partner federation configurations for partner logins.
- When a user leaves the partner organization, you don't have to remove access, because the user can no longer use the email ID associated with that organization. This means they can't log into your system either.
- You can work independently, without having to ask the IT department of your partner organization for anything.
- You can allow business partners to use your corporate applications including SaaS services like Salesforce and Office365, mobile apps, and on-premises applications.
- With Azure B2B collaboration, partner organizations can apply their enterprise security policies to the external user accounts that access your applications.
- For IT professionals, setting up, inviting, and managing access is a breeze. A simple and intuitive interface makes it easy to stay on top of partner organizations' access.
- You can add up to 2,000 email IDs at the same time. Simply upload a comma-separated values (CSV) file of not more than 2,000 records to the B2B portal, and the system will set up the rest for you.
- Invitations to Gmail, comcast.net, and other consumer email IDs are not supported, so users need a valid email ID from their respective organization. This feature eliminates the need for background verifications.
Overall, these features protect the security of your applications, and at the same time, make it easy to collaborate with your partners.
As with all services, Azure AD B2B also comes with certain limitations. Currently, the following features are not supported, though this may change in subsequent versions.
- Multi-factor authentication (MFA) is not supported for external users. For example, if a partner organization does not have MFA, it can't be granted through the Azure AD B2B portal.
- At this point, individual invites and API accesses are not supported. All email IDs have to be uploaded through a .csv file only.
- At this time, only Azure AD Global Administrators have the permission to upload .csv files.
- Consumer email addresses such as Gmail, Yahoo, and comcast.net are not supported.
- Similarly, invitations to distribution lists are not supported.
- Only a maximum of 2,000 records can be uploaded through a .csv file.
Though some of these limitations can feel like a hassle, they exist to protect organizations against malicious behavior. We can expect some limitations, such as the 2,000-record limit, to change as usage picks up. But at this point, the above limitations are in effect.
Using Azure AD B2B as a collaboration tool allows you to easily share resources and apps with partner organizations. The process of setting up and managing users and their access is simple and straightforward. On top of that, there are many advantages that come with using this tool, such as group invites, selective access, and enhanced security. Though there are also limitations to this service, many of them are designed with your security in mind.
Overall, it's a handy tool in today's collaborative business environment. Are you ready to try it?