Azure AD B2B Demo


Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15
Video Transcription
00:00
>> Hello Cybrarians.
00:00
Welcome to Lesson 1.12 of module 1 of this course
00:00
titled AZ-301: Microsoft Azure Architect Design.
00:00
Here's what I'll be covering in this demo.
00:00
I'll be showing you how to configure
00:00
guest user access to enterprise applications,
00:00
in essence Azure AD B2B.
00:00
That's what my environment looks like.
00:00
On the left-hand side I have the
00:00
superclouds.xyz Azure AD tenant,
00:00
and I have my Azure subscription that uses
00:00
that tenant as its identity provider.
00:00
I can also add other applications like Box and
00:00
Salesforce to that Azure AD tenant.
00:00
Now on the right-hand side,
00:00
there is another organization with their own
00:00
Azure AD tenant called verycloudy.xyz.
00:00
Now the thinking here is users in
00:00
verycloudy.xyz need to be able to access
00:00
applications that trust the superclouds.xyz tenant.
00:00
But rather than creating separate accounts for them,
00:00
we want to invite users
00:00
from the other organization to be able to
00:00
access applications within
00:00
>> the SuperClouds organization.
00:00
>> That's what I'll be showing you how to
00:00
invite users and how to give them
00:00
access to an application like the Azure subscription.
00:00
Let's go ahead and do this.
00:00
To start with, what I'll do is,
00:00
I'm in the Azure portal,
00:00
I'll click on Azure Active Directory.
00:00
When I get to Azure Active Directory,
00:00
if I click on the users.
00:00
Here I can see a list of all the users that I have,
00:00
but the ones that are called
00:00
Cloud identities that were created in
00:00
Azure AD and synchronized
00:00
identities that originated from on-premises,
00:00
but were synchronized using the Azure AD Connect tool.
00:00
What you can do is on the very top here you can
00:00
see the option for new guest user.
00:00
But before I do that,
00:00
let me show you some other options.
00:00
If I go back on the SuperClouds,
00:00
if I click on the user settings,
00:00
you have the option here where it
00:00
says external users that you
00:00
can use to manage external collaboration settings.
00:00
If I click on that option,
00:00
so this is where you can control
00:00
how you can collaborate with other organizations.
00:00
For example, you can say
00:00
guest users permissions are limited,
00:00
which is by default, yes.
00:00
Admins and users in the guest inviter role can invite,
00:00
so you can say that a yes or no.
00:00
When you give people this role,
00:00
that means they can invite guest users
00:00
from other Azure AD tenants,
00:00
or maybe even Google organization or even
00:00
just Outlook.com or gmail.com.
00:00
You can also have the option to say
00:00
allow invitations to be sent to any domain,
00:00
or you can have like
00:00
a whitelist or blacklist approach where you can say
00:00
deny invitation to the specified domain but
00:00
allow invitations for any other domains,
00:00
or you can say, allow invitations only to
00:00
these specified domains and deny all other domains.
00:00
That's where you configure
00:00
the organization settings for that.
00:00
If I go ahead and click on "Users", I have
00:00
the option to give this power
00:00
to users within my organization.
00:00
Maybe I create a group that I make
00:00
the users the owner of that group,
00:00
and then I give the group
00:00
access to applications or content
00:00
>> within my organization.
00:00
>> Then they can invite external
00:00
users to be members of that group.
00:00
In this case, I would just click on new guest user,
00:00
and I'll click on invite users.
00:00
Now the user's name is John First,
00:00
so if I go ahead and type John First,
00:00
and John First email address is john@verycloudy.xyz.
00:00
I'll put in John's details there,
00:00
John First.
00:00
Personal message.
00:00
"Hello John, this is for your access to
00:00
SuperClouds for the project
00:00
that we are working on together."
00:00
Excellent. If I do that,
00:00
if I wanted, so I could add John to certain groups.
00:00
Let's say I have certain groups,
00:00
which I have in this case,
00:00
I've created groups for external Box,
00:00
or external Salesforce access.
00:00
I can have John to be members of those groups there.
00:00
In this case, I'll just go ahead
00:00
and just make John the user,
00:00
and allow sign-in and set
00:00
a usage location for John
00:00
>> which if I say the United Kingdom also.
00:00
>> If I go ahead and click "Invite",
00:00
so that's sent an invitation email to John.
00:00
If I go over to John's account over here,
00:00
>> and here we go.
00:00
>> On the Microsoft invitations email,
00:00
if I click on that, it says,
00:00
you've been invited to access
00:00
applications in the SuperClouds organization.
00:00
John can go ahead and click on "Get Started".
00:00
That's going to go ahead and accept
00:00
that so that my organization can read
00:00
some basic profile information for John and here we go.
00:00
John has now been added to SuperClouds organization.
00:00
If I go back on the SuperCloud,
00:00
let's refresh this and let's search for John.
00:00
You can see we have John First,
00:00
which is a guest user from the search.
00:00
What I can now do is I can go to my Azure subscription.
00:00
Let's say in this case,
00:00
John needs to collaborate with
00:00
certain developers in my organization,
00:00
and I've created an Azure subscription
00:00
for them that they can
00:00
use and John needs access to that subscription.
00:00
If I go under subscriptions,
00:00
I can select that option.
00:00
I can go under Identity and Access Management,
00:00
I can add a new role assignment and select a role.
00:00
Let's say the contributor role to this subscription
00:00
>> and what do I want to give that role to?
00:00
>> If I search for John, he's a guest user
00:00
>> and I can save that.
00:00
>> In essence, what I've now done if I go
00:00
and the role assignment is I've
00:00
made John a contributor to the subscription,
00:00
and that is great because what John can now do is that
00:00
John should be able to access this Azure subscription,
00:00
and be able to collaborate with
00:00
other developers within my organization.
00:00
If I come back to John's environment here,
00:00
if I bring up a new tab and if I go through
00:00
portal.azure.com and John is
00:00
currently still connected to verycloudy.xyz.
00:00
But what John can also do or should be able to do
00:00
is John can click on that option to change directories,
00:00
and John can switch over to superclouds.xyz.
00:00
When John switches over to superclouds.xyz,
00:00
if John goes on the subscriptions,
00:00
you can see that John has
00:00
access to that same subscription ID,
00:00
so that is N288290.
00:00
If I go under SuperCloud,
00:00
if I go under the subscription,
00:00
you now set the subscription ID N288290.
00:00
That's it for this demo.
00:00
Let's go back to the slides to review what we've done.
00:00
Here is a summary of what we covered in this lesson.
00:00
In this demo, we covered how to configure
00:00
guest user access to enterprise applications.
00:00
I hope you found this video informative and I'll
00:00
see you in the next lesson in this course.