5 Considerations for your Extranet Project
Azure External Identities
Azure External Identities
Have a question?
Are you ready to implement your extranet project?
November 3, 2017 | Logan Guest, Sales Associate
So, you think you're ready to move forward and implement your extranet project? I am by no means doubting your ability to plan ahead, however, I thought I would share some common questions and some guidance surrounding considerations to make with your extranet project. Not all questions and considerations will apply, but asking the right questions within the preliminary stages is a key aspect of a successful extranet implementation.
First, who will be accessing the extranet?
Often at the beginning of an extranet project, there is one specific type of user group you are looking to provide external authentication for. Likely this is a user group that is integral to your everyday business and, regardless of the industry vertical you fall within, there are external user groups that make your business thrive whether you offer products or services. There are many different types of users that fall within different industries that would find value in having 24/7 access to a reliable and secure extranet. Those common industries are:
- Board of Directors
For example, in the Public sector, external users such as volunteers, members, board of directors, or citizens may need access to important information that the organization does not want to make anonymously available on their public website. Whereas in the Private sector, vendors, partners, or suppliers may need to not only access information, but contribute and collaborate back and forth with the organization. For these types of relationships, an extranet is also a great repository for any confidential contracts or agreements between the resource organization and the external organization.
Second, would you like to have a self-registration option or invitation only?
The decision of whether or not to leverage a self-service registration page often hinges on two key aspects of your extranet implementation. The number of users you are looking to provide external authentication for, and whether you would want to delegate some of that onboarding process or you would want to manage it centrally.
- Smaller, known set of users
- Managed centrally or delegated
- Onboarding hundreds or thousands of external users
- Approval workflows
Third, how will your extranet users authenticate into your extranet application?
There are several platforms where your desired extranet could potentially reside, such as on premise, in the cloud, or in a hybrid environment. Regardless of where you are planning to store your extranet, there are various options to pursue, and understanding the role authentication plays within these options may assist in determining the final destination of your extranet.
There are a couple of options to provide that authentication. You could leverage:
- Email and password
- Self-service password reset required
- Office 365 / Azure AD
- Microsoft Account
Email and password is the most common, but it requires the external users to remember yet another set of credentials. Office 365 / Azure AD or a Microsoft account works well if your partner has those already, particularly with Office 365, as it natively supports that. Google has been announced as a supported platform in the future for Office 365, with other social platforms to follow, but none of them are available yet from Microsoft. Through federation all of these can be used for authentication to either Office 365, SharePoint on premises, or other SaaS or custom systems.
Fourth, what interactions are your external users going to have with the extranet?
Understanding the interactions your external user groups will be having with your organizations extranet will help you identify the ideal platform that offers the most applicable features and is cost conscious. Will they simply be accessing information for consumption or is there some give/take required?
- Accessing published content
- Collaborating on specific documents
- Accessing team or project sites
- Becoming full-fledged members of Office 365 Groups
With the published content scenario, you may be able to save some licensing costs by not going with a full-fledged portal solution with collaboration capabilities such as Office 365. An alternative to pursue would be an Azure ASP.NET web app which would offer you a highly scalable solution where your users could authenticate into the site via a trusted identity provider to receive the information that corresponds to their permissions and group access. A great example of this scenario is the OntarioMD Website Case Study.
If your external users are going to be doing more than consuming information and actively contributing content into your extranet, you will want to provide them with the tools that they may need to make their end user experience simple and secure. Office 365, SharePoint Online, and SharePoint on premises are all great solutions to achieve this. The concept of having “one version of the truth" is something that definitely holds true with the SharePoint experience. Whether it be forms or contracts that vendors are expected to fill in and submit, or Excel and Word docs that they need to access, they will be able to co-author, allowing both internal and external users to edit simultaneously on the same document. A great example of this is our Associated Engineering Case Study.
Fifth, what applications will have to be accessible through the extranet?
This question is often answered with a phased approach by implementing an initial solution to provide authentication to a single application, whether that application is SharePoint, SharePoint Online, or a custom application. Once this has been successfully implemented, there are often additional applications those external users may need access to and ensuring there is a simple integration between the two or more applications is integral to the end user experience. Ensuring there is Single Sign On between the various applications ensures the end user is only prompted for their credentials once and they can then flow through to the additional applications seamlessly. Below are the typical applications we see in extranet scenarios.
- Office 365 - SharePoint Online, OneDrive for Business
- Office 365 Groups – Teams, Planner, Yammer
- Other Office 365 Apps - Power BI, Stream, PowerApps, Flow
- SharePoint On Premises (2010, 2013, 2016)
- Third Party SaaS Applications
- Custom Applications – On Premise or Cloud
These are the top 5 considerations for your extranet project. Organizations such as OntarioMD and Associated Engineering have both leveraged Extranet User Manager to optimize collaboration with their external partners and associates. Check out some additional resources below.
- Learn more about the built in Office 365 external sharing experience
- Azure AD B2B document repository, up to date with the latest articles from Microsoft
- OntarioMD Case Study
- Associated Engineering Case Study