Forum Discussion
Unnie
Dec 12, 2016, Iron Contributor
Office 365, SharePoint Online profile sync
I am trying to synchronize all users from two different Azure AD into one single User profile application. I know that this is not possible by writing any custom sync job as CSOM does not have any us...
Unnie
Dec 12, 2016, Iron Contributor
Thanks @Brent. I have updated my question with why we are exploring the 2 AAD approach. Looks like this approach is going towards a dead end.
Brent Ellis
Dec 12, 2016, Silver Contributor
Gotcha.
We did something similar. It's not a SharePoint-based extranet, but a custom-developed, customer-facing web application where we used the secondary AAD as our identity for that, and added our primary corporate users from our primary AAD into the secondary AAD to access the custom application.
Like I mentioned, it is a manual process to add our internal users to the secondary AAD, but we have just incorporated it into our new hire process, so it's not terrible.
What you may consider is the use of the guest/external contacts in your primary AAD, and then just make sure to be diligent in setting permissions in your primary SharePoint environment (using the "Everyone, except external users" group). Lots more to think about and plan for there, but we have kind of done this as well, with a dedicated site collection where "external" users are allowed, but all other site collections are "for internal purposes only".
- Unnie (Dec 12, 2016, Iron Contributor): There are around 100+ intranet SharePoint sites and 100+ extranet SharePoint sites. And we cannot rely on Site Owners' diligence while giving permission to users. I have posted another discussion on the whole thing I am trying to do here: https://techcommunity.microsoft.com/t5/SharePoint/SharePoint-Extranet-amp-intranet-migration-to-SPO/m-p/35223#M3173