Forum Discussion
Using Azure AD B2B Collaboration for extranet with multiple partners
Hi
If we use AAD B2B Collaboration with many partners for an extranet solution in SharePoint Online, and if we don't want users from one partner to be able to access another partner's site, we would have to create separate groups for each partner - or in some cases even for each site collection, right?
Thanks
Jakob
- Dean_Gross, Silver Contributor
I typically recommend creating separate site collections for collaboration with each partner. This provides a very clear and easy to understand boundary for the business users and site admins.
- Adrian Hyde, Steel Contributor
It's not any different than if you have internal users in your company that you want to make sure don't have access to each other's sites.
The other thing you may want to look for is if Partner A shares a site or content to Partner B.
Hopefully unlikely, but possible to do.
- Monterey Harris, Copper Contributor
Why do you need to use Azure B2B? You could just share the content with them with the proper permissions, and then an account gets created in your directory for the extranet users.
- Adrian Hyde, Steel Contributor
Azure B2B is a good solution if you don't want to get into the business of managing those external user accounts - i.e. the external company is responsible for forgotten passwords and keeping track of who they fired etc.
But if it is a user from a small company or standalone guy, then yes, it is probably easier to use the built-in Guest sharing features.
- Monterey Harris, Copper Contributor
Yeah, I know with Azure AD B2B you can create a ubiquitous ID in Azure AD. I think that's great in 2 scenarios: if the external users need access to apps other than SharePoint as well, or if you have Azure App Proxy and some on-premise apps that could add the complexities of that auth. But in a straight SharePoint Online scenario, wouldn't it be wiser just to use external sharing? Less admin effort: simply allow sharing and only allow external access to the site or site collection they need to see. Make sure you require login for access, and the auth is the same with less work. If they get fired and the account is revoked, the same thing happens. Also, does SHO see the B2B user as external? If not, I feel like you are adding overhead for making sure the partner can't see anything not meant for them.