User and Group Management for Guest Users in Selected Groups
Hello there!
In our Azure environment, we collaborate with multiple companies that want to use our services (B2B). Our services use RBAC synchronized with security groups in MS Entra. Each customer company has a set of security groups within our tenant. Group membership authorizes the guest users to use our services. Now, we are looking for a way to allow a customer company administrator to add or remove users from the specific groups created for that company by themselves. However, the customer company administrator should only be able to manage their employees in the groups specifically created for their company, i.e., add or remove them. Is there a known solution for this?
Unfortunately, Administrative Units do not work for us because they require a privileged role at the global scope.
- Assuming the "customer administrator" accounts are also part of your directory, you can assign them as owners of the groups in question and allow management via the self-service feature. Also make sure that the relevant settings under the Entra portal are enabled.
- Julian_Friederich (Copper Contributor)
Hi Vasil,
Thank you for sharing your thoughts!
Yes, the "Customer admin" is part of my Directory, but as a B2B Guest.
After changing the UserType property from Guest to Member, it worked exactly as you described, by assigning them as owner of the groups.
Thank you for your assistance, and have a great day!
Cheers
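
The owner-based delegation discussed in this thread, as an added example that is not part of the original posts: a Microsoft Graph PowerShell script that makes one customer administrator an owner of that customer's security groups, then lists any groups the account owns outside that customer's scope. The group-name prefix and the object ID are hypothetical placeholders, and the script assumes each customer's groups share a naming prefix.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph PowerShell module.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Assumptions (placeholders): naming prefix of one customer's groups, and the
# object ID of that customer's administrator account in your tenant.
$groupPrefix = 'CUST-Contoso-'
$adminId     = '00000000-0000-0000-0000-000000000000'

# UserType is not returned by default, so request it explicitly.
$admin = Get-MgUser -UserId $adminId -Property Id, DisplayName, UserType
if ($admin.UserType -ne 'Member') {
    Write-Warning "$($admin.DisplayName) has UserType '$($admin.UserType)'; in the thread, owner-based management worked after it was changed to Member."
}

# Security groups created for this customer (prefix match server-side, type filter client-side).
$groups = Get-MgGroup -Filter "startswith(displayName,'$groupPrefix')" -All |
    Where-Object { $_.SecurityEnabled }

foreach ($group in $groups) {
    # Skip groups where the account is already an owner.
    $ownerIds = @(Get-MgGroupOwner -GroupId $group.Id -All | ForEach-Object Id)
    if ($ownerIds -notcontains $admin.Id) {
        New-MgGroupOwnerByRef -GroupId $group.Id -BodyParameter @{
            '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($admin.Id)"
        }
        Write-Output "Added owner on $($group.DisplayName)"
    }
}

# Scope check: list any group this account owns outside the customer's prefix.
# A Member-type account gets the tenant's default member permissions, so keep
# its group ownership limited to the groups created for its own company.
$outOfScope = Get-MgUserOwnedObject -UserId $admin.Id -All | Where-Object {
    $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' -and
    $_.AdditionalProperties['displayName'] -notlike "$groupPrefix*"
}
$outOfScope | ForEach-Object {
    Write-Warning "Out-of-scope ownership: $($_.AdditionalProperties['displayName']) ($($_.Id))"
}
```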