Forum Discussion
Enabling Federated Authentication to SharePoint Online Between Affiliated Companies
We are company A. We have two related companies B & C who currently access our SharePoint online as guest users. As you might imagine, this is an administrative headache keeping track of employees as they come and go from companies B & C.
All 3 companies have Office 365 with Azure AD. We administer the domains of all 3 companies.
Is it possible to set up Federation between the domains so that users of B & C can access certain SharePoint Comm Sites in company A's SharePoint Online domain (but no other network assets) to eliminate the need to manually invite new employees from companies B & C and conduct regular User Access Reviews to ensure terminated employees from B & C no longer have access?
3 Replies
- mr_w1nst0n (Iron Contributor)
I think Identity Governance in Azure AD could help you in this B2B situation.
From Company A you can "federate" Company B&C through the Connected Organizations tab
(this requires someone's approval from Company B and C)
Once the Federation is established, you will provision different Access Packages and Catalogs depending on your needs.
An Access Package can contain specific SharePoint sites / Teams or Groups.
Last step (Governance part): you will use the Access Reviews tab to define a bunch of people who will take care of extending or revoking the permissions of users in Company B&C based on the access packages.
The review is done by an auto-generated email and it's easy to use.
- doughorton (Copper Contributor)
Thank you so much for the detailed reply. This sounds promising. I will discuss with my infrastructure team and report back on results.
Thanks again!
- PeterForster (Iron Contributor)
doughorton I've just seen this old thread. As cross tenant identity sync is now available, this would be the approach to go. Maybe you have already seen this, then you are fine.