What is Azure AD B2B?
By now I assume you have an idea of what Azure AD is and how it works. If you are new to my blog, please search for Azure AD on my blog and you will find articles explaining it and its capabilities. Azure AD manages identities for the company and allows it to control access to resources such as applications. Sometimes, based on business requirements, companies have to share their resources with partners, other companies in the group, etc. In such scenarios, Azure AD B2B collaboration lets them share resources with another party while that party uses its own identities.
Using Azure AD B2B, partners can use the Azure AD account they create through the invitation process. Azure admins can then control their access to the applications. Once the tasks are completed, those accounts can easily be removed from Azure AD, and all their permissions to the resources will be revoked. The partner company does not need to have an Azure subscription, and this allows quick access to the resources to be provided with minimal changes.
How does it work?
1) The administrator invites the partner users by uploading their details in a CSV file. This file needs to be created with specific fields and values; more details can be found at https://azure.microsoft.com/en-gb/documentation/articles/active-directory-b2b-references-csv-file-format/
2) The Azure portal sends invite emails to the users imported from the CSV file
3) Users click on the email link and sign in using their work credentials (if they have an Azure AD account) or sign up as an Azure AD B2B collaboration user
4) Users log in and access the shared resources
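A pre-upload check for the invitation CSV from step 1, as an added example that is not part of the original post: it rejects malformed, duplicate, or unapproved-domain entries before the file reaches the portal. The column names Email and DisplayName, the function name check_invites and the sample domains are assumptions; confirm the columns against the CSV format reference linked in step 1.

```python
import csv
import io
import re

# Assumed column names; confirm against the CSV format reference linked in step 1.
REQUIRED = ("Email", "DisplayName")
EMAIL_RE = re.compile(r"^[^@\s,]+@([A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+)$")

def check_invites(csv_text, allowed_domains):
    """Return (accepted_rows, problems) for an invitation CSV (hypothetical helper)."""
    allowed = {d.lower() for d in allowed_domains}
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [], [f"header: missing column(s) {', '.join(missing)}"]
    accepted, problems, seen = [], [], set()
    for row in reader:
        line_no = reader.line_num  # line of the CSV text this row came from
        email = (row["Email"] or "").strip().lower()
        name = (row["DisplayName"] or "").strip()
        m = EMAIL_RE.match(email)
        if not m:
            problems.append(f"line {line_no}: malformed email {email!r}")
        elif m.group(1) not in allowed:
            problems.append(f"line {line_no}: domain {m.group(1)} is not an approved partner")
        elif email in seen:
            problems.append(f"line {line_no}: duplicate invite for {email}")
        elif not name:
            problems.append(f"line {line_no}: empty DisplayName for {email}")
        else:
            seen.add(email)
            accepted.append({"Email": email, "DisplayName": name})
    return accepted, problems

# Constructed sample data, not taken from the original post.
SAMPLE = """Email,DisplayName
alice@partner.example,Alice Partner
bob@partner.example,
alice@partner.example,Alice Again
carol@freemail.example,Carol
not-an-address,Dave
"""

if __name__ == "__main__":
    ok, bad = check_invites(SAMPLE, ["partner.example"])
    print(f"{len(ok)} row(s) ready to upload")
    for problem in bad:
        print("REJECTED", problem)
```

Only upload the file once the problem list is empty, so every invited address belongs to a partner domain that was approved beforehand.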
Let’s see it in action
To enable Azure AD B2B collaboration for an Azure AD instance, you need to have global administrator privileges. So before you start, make sure you have the relevant permissions.
As I said previously, the user account details need to be uploaded via a CSV file. Here I have created a simple CSV file with a test account.
After that, log in to the Azure portal and load the Azure AD instance you already have.
Then go to users and click on Add.
From the wizard, select “Users in Partner Companies” as the type of the user.
Then browse for the CSV file and import it.
After a few minutes, the user gets an email with a link.
Once the user clicks on the link, it loads a page; click Next to continue.
On the next page, provide a password and click Next.
It will send a code to verify the email address; once you enter it, click on Finish.
Once the process finishes, we can see the new user under the Azure AD users.
Now, I have an application under my directory, and when I go to users I can see the new user we set up. I have assigned the permission for the app to the new user.
So when logging in to the Azure portal as the new partner user, we can now see the applications that are assigned to the user.
Hope this was helpful, and if you have questions, feel free to contact me at email@example.com