Azure Active Directory B2B Service General Availability
Azure External Identities
Mississauga, April 17, 2017 - Microsoft recently announced the general availability of the Azure Active Directory Business-to-Business (B2B) service worldwide. Azure AD B2B collaboration capabilities allow organizations that use Azure AD to work securely with other people and organizations - whether they in turn use Azure AD or not.
Azure Active Directory provides secure single sign-on to cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications. Organizations using Azure AD can provide their B2B partners access to documents, resources, and applications while maintaining control over corporate data. Developers can use the Azure AD B2B APIs to write applications that bring two organizations together in a secure way that is also seamless and intuitive for end users to navigate.
The Azure AD B2B service allows personal or business accounts to be set up on the fly, offering a way for organizations to share resources, including access to SharePoint Online or OneDrive sites. The process kicks off when an organization sends an invitation to a user via email. This no longer has to be a corporate email address; it can also be a personal one such as Gmail or Yahoo. The service establishes whether the user already has an account. If not, it creates a new Azure AD B2B account with a password. The user then receives an email with a PIN that allows them to log in and gain access to the shared resources.
What does this mean for organizations and their extranets?
Since the Azure AD B2B service was initially released in preview in 2016, Envision IT has been actively testing it and has built support for the service into our Extranet User Manager (EUM) platform. This is a tremendous step forward for organizations that use Office 365 and want to be able to invite external users into their sites. Using the service, Office 365 subscriptions are not required for invited partner users, which is a considerable saving. Permissions in SharePoint Online can be applied to Azure AD groups, and site owners can manage the group membership through EUM.
There are still certain limitations to Azure AD B2B that can prove challenging. User management through the out-of-the-box Azure portal can be overwhelming for business users. There is no self-registration or integration with other line-of-business systems. EUM eliminates these issues by providing self-registration, profile management and delegation. As users and groups are created by the business owners, they are set up in Azure AD by EUM. Azure AD manages the login process, while EUM sends the initial invitations and manages the group membership and permissions.
Incorporating Azure AD B2B with EUM offers a cost-effective, secure solution for extranets. Board of Director portals, member sites, and customer and supplier portals can all benefit from this enhanced solution.