External Users in Azure AD B2B
I have spent some time with customers working on Azure AD B2B and making applications available to partners and vendors through Azure AD. Part of the work was looking at what happens under the covers in AAD B2B, so we could understand what and how we had to work on reporting and auditing.
Azure AD B2B is invitation-based. When you want to work with an external partner or vendor, you invite them to work with you in one of your company’s applications. The system then sends an invitation to the email address you supply for that person, and they redeem that invitation to gain access.
What happens in the background is the creation of an identity reference to that vendor’s or partner’s user account. That reference is created in your AAD, and it is what permissions, auditing and reporting are linked to.
That reference is created as a very special reference user object. The following is my user object in my AAD tenant:
First Name: Florian
Last Name: Fromm
Sign-In-Name: florian@fsft.net
objectID: e25b1308-1115-45d0-b813-a49e23a32e1f
UserType: Member
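
For the reporting and auditing side, the following is an added example (not code from the original post) that separates member objects from invited reference objects and flags invitations that were never redeemed. It assumes records shaped like Microsoft Graph user resources, where invited accounts carry userType Guest by default and the invitation status is in externalUserState; the sample records, ids, dates and the 30-day threshold are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed records shaped like Microsoft Graph user resources.
# Ids and dates are made up for this example.
SAMPLE_USERS = [
    {"id": "u-member", "userType": "Member",
     "externalUserState": None, "externalUserStateChangeDateTime": None},
    {"id": "u-redeemed", "userType": "Guest",
     "externalUserState": "Accepted",
     "externalUserStateChangeDateTime": "2024-01-10T09:00:00Z"},
    {"id": "u-old-invite", "userType": "Guest",
     "externalUserState": "PendingAcceptance",
     "externalUserStateChangeDateTime": "2024-01-05T09:00:00Z"},
    {"id": "u-new-invite", "userType": "Guest",
     "externalUserState": "PendingAcceptance",
     "externalUserStateChangeDateTime": "2024-03-01T09:00:00Z"},
    {"id": "u-no-state", "userType": "Guest",
     "externalUserState": None, "externalUserStateChangeDateTime": None},
]

def parse_ts(value):
    """Parse a UTC timestamp such as 2024-01-05T09:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

SAMPLE_NOW = parse_ts("2024-03-10T00:00:00Z")  # constructed "today"

def audit_external_users(users, now, max_pending_days=30):
    """Bucket user ids: members, redeemed guests, pending and stale invitations."""
    report = {"members": [], "redeemed": [], "pending": [],
              "stale_pending": [], "unknown_state": []}
    for user in users:
        if user.get("userType") != "Guest":
            report["members"].append(user["id"])
            continue
        state = user.get("externalUserState")
        changed = user.get("externalUserStateChangeDateTime")
        if state == "Accepted":
            report["redeemed"].append(user["id"])
        elif state == "PendingAcceptance" and changed:
            age = now - parse_ts(changed)
            bucket = "stale_pending" if age > timedelta(days=max_pending_days) else "pending"
            report[bucket].append(user["id"])
        else:
            # Guest without a usable invitation state: review by hand.
            report["unknown_state"].append(user["id"])
    return report

if __name__ == "__main__":
    for bucket, ids in audit_external_users(SAMPLE_USERS, SAMPLE_NOW).items():
        print(f"{bucket}: {ids}")
```

Stale pending invitations and guests with no invitation state are the entries worth reviewing first, since they are reference objects in the tenant that nobody has confirmed ownership of.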