Julian_Friederich
Copper Contributor
Jan 16, 2024

User and Group Management for Guest Users in Selected Groups

Hello there!

In our Azure environment, we collaborate with multiple companies that want to use our services (B2B). Our services use RBAC synchronized with security groups in MS Entra. Each customer company has a set of security groups within our tenant. Group membership authorizes the guest users to use our services. Now, we are looking for a way to allow a customer company administrator to add or remove users from the specific groups created for that company by themselves. However, the customer company administrator should only be able to manage their employees in the groups specifically created for their company, i.e., add or remove them. Is there a known solution for this?

Unfortunately, Administrative Units do not work for us because they require a privileged role at the global scope.

  • Assuming the "customer administrator" accounts are also part of your directory, you can assign them as owners of the groups in question and allow management via the self-service feature. Also make sure that the relevant settings under the Entra portal are enabled.
    • Julian_Friederich
      Hi Vasil,

      Thank you for sharing your thoughts!
      Yes, the "Customer admin" is part of my Directory, but as a B2B Guest.
      After changing the UserType property from Guest to Member, it worked exactly as you described, by assigning them as owner of the groups.

      Thank you for your assistance, and have a great day!
      Cheers
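
An added example, not part of the thread and not Microsoft tooling: one way to audit the owner-based delegation discussed above, checking that each company's groups are owned and populated only by that company's accounts. The export shape, the `company` tag, the domain mapping and every name and address below are constructed assumptions.

```python
# Constructed sample data: a simplified export of groups with owners and members.
# "mail" and "userType" mirror Microsoft Graph user properties; the "company"
# tag and the company-to-domain mapping are assumptions of this example.
COMPANY_DOMAINS = {
    "contoso": {"contoso.example"},
    "fabrikam": {"fabrikam.example"},
}

GROUPS = [
    {"displayName": "contoso-readers", "company": "contoso",
     "owners": [{"mail": "admin@contoso.example", "userType": "Member"}],
     "members": [{"mail": "amy@contoso.example", "userType": "Guest"},
                 {"mail": "bob@fabrikam.example", "userType": "Guest"}]},
    {"displayName": "fabrikam-writers", "company": "fabrikam",
     "owners": [{"mail": "admin@contoso.example", "userType": "Member"},
                {"mail": "it@fabrikam.example", "userType": "Guest"}],
     "members": [{"mail": "eve@fabrikam.example", "userType": "Guest"}]},
]


def domain(user):
    """Lower-cased mail domain of a user record."""
    return user["mail"].rsplit("@", 1)[-1].lower()


def audit(groups, company_domains):
    """Return (group, account, issue) tuples for every scoping violation."""
    findings = []
    for group in groups:
        name = group["displayName"]
        allowed = company_domains.get(group["company"], set())
        for owner in group["owners"]:
            if domain(owner) not in allowed:
                findings.append((name, owner["mail"], "owner-outside-company"))
            elif owner["userType"] == "Guest":
                # In the thread, owner-based management only worked once the
                # customer admin's UserType had been changed to Member.
                findings.append((name, owner["mail"], "guest-owner"))
        for member in group["members"]:
            # Ownership does not by itself limit which accounts get added,
            # so membership is checked against the company's domains too.
            if domain(member) not in allowed:
                findings.append((name, member["mail"], "member-outside-company"))
    return findings


if __name__ == "__main__":
    for finding in audit(GROUPS, COMPANY_DOMAINS):
        print(*finding, sep="\t")
```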