JakobRohde
Iron Contributor
Nov 17, 2016

Using Azure AD B2B Collaboration for extranet with multiple partners

Hi

 

If we use AAD B2B Collaboration with many partners for an extranet solution in SharePoint Online, and if we don't want users from one partner to be able to access another partner's site, we would have to create separate groups for each partner - or in some cases even for each site collection, right?

 

Thanks

Jakob

  • Dean_Gross
    Silver Contributor

    I typically recommend creating separate site collections for collaboration with each partner. This provides a very clear and easy-to-understand boundary for the business users and site admins.

  • Adrian Hyde
    Steel Contributor

    It's not any different than if you have internal users in your company that you want to make sure don't have access to each other's sites.

    The other thing you may want to look for is if Partner A shares a site or content with Partner B.

    Hopefully unlikely, but possible to do.

  • Monterey Harris
    Copper Contributor
    Why do you need to use Azure B2B? You could just share the content with them with the proper permissions and then an account gets created in your directory for the extranet users.
    • Adrian Hyde
      Steel Contributor
      Azure B2B is a good solution if you don't want to get into the business of managing those external user accounts - i.e. the external company is responsible for forgotten passwords and keeping track of who they fired etc.

      But if it is a user from a small company or a standalone guy, then yes, it is probably easier to use the built-in Guest sharing features.
      • Monterey Harris
        Copper Contributor
        Yeah, I know with Azure AD B2B you can create a ubiquitous ID in Azure AD. I think that's great in 2 scenarios: if the external users need access to apps other than SharePoint as well, or if you have Azure App Proxy and some on-premises apps that could add the complexities of that auth. But in a straight SharePoint Online scenario, wouldn't it be wiser just to use external sharing? Less admin effort: simply allow sharing and only allow external access to the site or site collection they need to see. Make sure you require login for access and the auth is the same with less work. If they get fired and the account is revoked, the same thing happens. Also, does SPO see the B2B user as external? If not, I feel like you are adding overhead for making sure the partner can't see anything not meant for them.
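
An added example, not written by any poster in this thread: a Python check for the two conditions discussed above, a partner group that holds guests from more than one home domain, and a site collection that grants access to more than one partner. The tenant name, group names, site URLs and the shape of the two input dictionaries are assumptions and the data is constructed; the check relies on the default B2B guest UPN form `name_partner.domain#EXT#@tenant.onmicrosoft.com`.

```python
# Constructed sample data; tenant, groups and sites are hypothetical.
GROUPS = {
    "Extranet-PartnerA": ["ann_partnera.example#EXT#@contoso.onmicrosoft.com",
                          "bo_lee_partnera.example#EXT#@contoso.onmicrosoft.com"],
    "Extranet-PartnerB": ["cy_partnerb.example#EXT#@contoso.onmicrosoft.com",
                          "dee_partnera.example#EXT#@contoso.onmicrosoft.com"],
    "Extranet-PartnerC": ["eve_partnerc.example#EXT#@contoso.onmicrosoft.com"],
    "Staff": ["frank@contoso.onmicrosoft.com"],
}
SITE_GRANTS = {
    "/sites/partner-a": ["Extranet-PartnerA", "Staff"],
    "/sites/partner-b": ["Extranet-PartnerB", "Staff"],
    "/sites/partner-c": ["Extranet-PartnerC", "Extranet-PartnerA"],
}

def guest_home_domain(upn):
    """Return the partner domain encoded in a guest UPN, or None for a member."""
    marker = upn.lower().find("#ext#")
    if marker == -1:
        return None                      # internal (member) account
    original = upn[:marker]              # e.g. "bo_lee_partnera.example"
    # The invited address had "@" replaced by "_"; domains contain no "_",
    # so everything after the last "_" is the home domain.
    return original.rsplit("_", 1)[-1].lower()

def audit(groups, site_grants):
    """Return (mixed_groups, shared_sites), each mapping a name to its domains."""
    group_domains = {
        name: {d for d in map(guest_home_domain, members) if d}
        for name, members in groups.items()
    }
    # A partner group should contain guests from exactly one home domain.
    mixed = {g: sorted(d) for g, d in group_domains.items() if len(d) > 1}
    # A site should be reachable by guests from at most one partner.
    shared = {}
    for site, granted in site_grants.items():
        domains = set().union(*(group_domains.get(g, set()) for g in granted))
        if len(domains) > 1:
            shared[site] = sorted(domains)
    return mixed, shared

if __name__ == "__main__":
    mixed_groups, shared_sites = audit(GROUPS, SITE_GRANTS)
    for name, domains in mixed_groups.items():
        print(f"group {name} mixes partners: {', '.join(domains)}")
    for site, domains in shared_sites.items():
        print(f"site {site} is reachable by: {', '.join(domains)}")
```
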
