Ability to see high level status of foreign Tenant org Id?

%3CLINGO-SUB%20id%3D%22lingo-sub-88847%22%20slang%3D%22en-US%22%3EAbility%20to%20see%20high%20level%20status%20of%20foreign%20Tenant%20org%20Id%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-88847%22%20slang%3D%22en-US%22%3E%3CP%3EUsing%20the%20B2B%20capability%20to%20create%20guest%20records%20in%20our%20Organization%20and%20allow%20SSO%20into%20our%20AAD%20registered%20apps%20is%20a%20very%20useful%20integration.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20really%20love%20to%20somehow%20see%20the%20high%20level%20status%20(link%20status)%20of%20the%20foreign%20Org%20ID%20record.%20Not%20personal%20information%2C%20just%20very%20simple%20something%20like%20(Deleted%3B%20Disabled%3B%20Current%2FLinked%3B%20(or%20possibly%20un-link%2Fun-redeemed)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere's%20the%20use%20case%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20work%20for%20contoso.com%2C%20and%20collaborate%20with%20another%20business%20fabrikam.com.%20%26nbsp%3B%20Using%20the%20b2b%20invite%20capability%2C%20I%20invite%20Fred%40Fabrikam%20into%20Contoso.com.%20Fred%20redeems%20the%20invitation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFred%20is%20then%20added%20to%20some%20groups%2Fgiven%20access%20to%20some%20AAD%20registered%20applications%20in%20the%20Contoso%20tenant.%20%26nbsp%3BSome%20of%20these%20registered%20applications%20are%20AAD%20Certified%20applications%2C%20supporting%20SCIM%2C%20and%20advanced%20provisioning%2Fdeprovisioning%20activities.%20Some%20of%20these%20applications%20have%20high%20cost%20'seat'%20licensing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFred%20collaborates%20for%20a%20while%20and%20then%20wins%20the%20lottery%2C%20and%20leaves%20Fabrikam.%20Fabrikam%20removes%20Fred%20from%20the%20Fabrikam%20Tenant.%20Fabrikam%20never%20tells%20Contoso%20about%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEventually%20Contoso%20will%20figure%20out%20that%20Fred%20isn't%20logging%20into%20contoso%20anymore%2C%20and%20via%20attestation%2Flast%20login%20horizon%20processes%2C%20will%20remove%20the%20guest%20record%20in%20contoso.com.%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20would%20be%20really%20cool%20to%20somehow%20have%20the%20contoso.com%20tenant%20be%20able%20to%20display%20that%20the%20fred%20contoso%20guest%20record%20is%20no%20longer%20viable%2C%20as%20Fabrikam%20has%20deleted%20the%20Fred%40Fabrikam%20user.%20%26nbsp%3BSome%20sort%20of%20periodically%20generated%20report%20that%20lists%20out%20the%20contoso%20guest%20records%20that%20are%20no%20longer%20valid.%20Contoso%20could%20then%20remove%20the%20guest%20record%20from%20groups%2C%20initiating%20deprovisioning%2C%20and%20app%20license%20reclamation....%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Using the B2B capability to create guest records in our Organization and allow SSO into our AAD registered apps is a very useful integration.

 

I would really love to somehow see the high level status (link status) of the foreign Org ID record. Not personal information, just very simple something like (Deleted; Disabled; Current/Linked; (or possibly un-link/un-redeemed)

 

Here's the use case:

 

I work for contoso.com, and collaborate with another business fabrikam.com.   Using the b2b invite capability, I invite Fred@Fabrikam into Contoso.com. Fred redeems the invitation.

 

Fred is then added to some groups/given access to some AAD registered applications in the Contoso tenant.  Some of these registered applications are AAD Certified applications, supporting SCIM, and advanced provisioning/deprovisioning activities. Some of these applications have high cost 'seat' licensing.

 

Fred collaborates for a while and then wins the lottery, and leaves Fabrikam. Fabrikam removes Fred from the Fabrikam Tenant. Fabrikam never tells Contoso about this.

 

Eventually Contoso will figure out that Fred isn't logging into contoso anymore, and via attestation/last login horizon processes, will remove the guest record in contoso.com.  

 

It would be really cool to somehow have the contoso.com tenant be able to display that the fred contoso guest record is no longer viable, as Fabrikam has deleted the Fred@Fabrikam user.  Some sort of periodically generated report that lists out the contoso guest records that are no longer valid. Contoso could then remove the guest record from groups, initiating deprovisioning, and app license reclamation....

 

 

0 Replies