Forum Discussion
Miguel Isidoro
Oct 20, 2021 | Brass Contributor
Configuring Office 365 Federation for external users and native Office 365 auth for internal users
Hi, I want external users to federate external users' authentication in Office 365 with an external identity provider. The authentication provider is not implemented by us. The goal is to enable b...
thijoubertold
Oct 20, 2021 | Iron Contributor
Hello,
If it is for B2B, you should have a look at Azure B2B Collaboration: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
In short, Azure B2B enables you to federate the authentication and lets you invite external users as guests in your tenants. They will be able to consume your services (e.g., SharePoint Online) with their identity (and so their IdP).
All guest users will have a specific UPN:
- If userA@contoso.com is invited
- His UPN will be: userA_contoso.com#ext#@yourcompany.onmicrosoft.com
In any case, the authentication to Azure AD goes through login.microsoftonline.com or login.live.com
If it is for B2C, you should have a look at B2C
https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview
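As an added illustration of the guest UPN format described in the reply above (not code from the thread or from Microsoft), this Python helper recovers the invited address from a guest UPN and groups guests by home domain, which is useful when auditing a user export. The function names and sample UPNs are constructed, and it assumes the UPN still has the default form shown above and has not been renamed by an administrator.

```python
import re

# Guest UPN shape from the reply above:
#   <invited address with "@" replaced by "_">#ext#@<tenant>.onmicrosoft.com
# The marker is matched case-insensitively.
GUEST_UPN = re.compile(r"^(?P<alias>.+)#ext#@(?P<tenant>[^@]+)$", re.IGNORECASE)


def parse_guest_upn(upn):
    """Return (invited_address, resource_tenant) for a guest UPN, else None."""
    m = GUEST_UPN.match(upn.strip())
    if not m:
        return None  # member account, or a UPN that was renamed
    # Local parts may contain "_" but DNS host names may not, so the
    # last underscore is the one that replaced the "@".
    local, sep, domain = m.group("alias").rpartition("_")
    if not sep or not local or "." not in domain:
        return None
    return f"{local}@{domain.lower()}", m.group("tenant").lower()


def guests_by_home_domain(upns):
    """Group invited addresses by the domain of the guest's own IdP."""
    grouped = {}
    for upn in upns:
        parsed = parse_guest_upn(upn)
        if parsed:
            address = parsed[0]
            grouped.setdefault(address.rsplit("@", 1)[1], []).append(address)
    return grouped


# Constructed sample export (hypothetical accounts).
SAMPLE_UPNS = [
    "userA_contoso.com#ext#@yourcompany.onmicrosoft.com",
    "first_last_fabrikam.example#EXT#@yourcompany.onmicrosoft.com",
    "userB_contoso.com#EXT#@yourcompany.onmicrosoft.com",
    "member@yourcompany.onmicrosoft.com",
]

if __name__ == "__main__":
    for home_domain, addresses in guests_by_home_domain(SAMPLE_UPNS).items():
        print(home_domain, addresses)
```
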
Miguel Isidoro
Oct 21, 2021 | Brass Contributor
Hi,
Thanks for the info.
In our case, the invite seems not to be an option since the external identity provider is based on Oracle and the available auth methods don't rely on email.
External users will have to log in using one of the following methods:
- VAT Number and password (auth against an external system)
- Generic auth system that uses mobile number and MFA auth
- Internal form with user (not sure what this is yet) and password
How can invite and B2B work here?
Please take a look at all details I explain in the initial question.
Tks
Miguel