Azure active directory Enterprise Application

%3CLINGO-SUB%20id%3D%22lingo-sub-1402092%22%20slang%3D%22en-US%22%3EAzure%20active%20directory%20Enterprise%20Application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1402092%22%20slang%3D%22en-US%22%3E%3CP%3EQ-%20I%20have%20an%20Enterprise%20Application%20(3rd%20Party%20SaaS)%20registerd%20and%20configured%20with%20SCIM%20and%20enabled%20for%20a%20group%20of%20users.%20I%20want%20to%20provide%20access%20to%20External%20users%20(Say%20Partner%20users)%20on%20SaaS%20application.%20Is%20this%20doable%3F%20Please%20suggest.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1402092%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1407071%22%20slang%3D%22en-US%22%3ERE%3A%20Azure%20active%20directory%20Enterprise%20Application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1407071%22%20slang%3D%22en-US%22%3EYes%2C%20take%20a%20look%20at%20the%20Azure%20B2B%2C%20as%20this%20will%20allow%20your%20external%20users%20(partners%20or%20customers)%20to%20access%20your%20SaaS%20application.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1410531%22%20slang%3D%22en-US%22%3ERE%3A%20Azure%20active%20directory%20Enterprise%20Application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1410531%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5941%22%20target%3D%22_blank%22%3E%40Joe%20Stocker%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethank%20you..%3C%2FP%3E%3CP%3ESaaS%20provider%20should%20support%20this%20B2B%20Guest%20authentication.%20I%20am%20checking%20with%20if%20they%20allow%20Guest%20to%20login%20on%20their%20Portal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1410537%22%20slang%3D%22en-US%22%3ERE%3A%20Azure%20active%20directory%20Enterprise%20Application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1410537%22%20slang%3D%22en-US%22%3EIt%20should%20be%20no%20different%20than%20one%20of%20your%20internal%20users%2C%20because%20you%20control%20which%20Claims%20are%20sent.%20So%20for%20example%2C%20you%20can%20pass%20the%20userprincipalname%20as%20a%20claim%2C%20and%20as%20long%20as%20your%20SaaS%20application%20has%20a%20user%20account%20matching%20that%20userprincipalname%20(or%20email%20field)%20then%20it%20should%20logon%20just%20the%20same.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1431708%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20active%20directory%20Enterprise%20Application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1431708%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F672477%22%20target%3D%22_blank%22%3E%40vkumar1983%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20invite%20guest%20users%20to%20the%20directory%2C%20to%20a%20Group%2C%20or%20to%20an%20application.%3CBR%20%2F%3EWhen%20you%20Invite%20the%20Guest%20in%20Azure%20AD%20the%20Invitation%20will%20be%20sent%20to%20the%20external%20user%20and%20the%20external%20user%20has%20to%20click%20on%20the%20Invite%20URL%2C%20Once%20he%5Cshe%20clicks%20on%20the%20URL%20the%20invited%20user's%20account%20will%20get%20created%20in%20Azure%20AD%20Automatically%20with%20a%20user%20type%20as%20'Guest'.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOnce%20this%20external%20user%20is%20created%20as%20a%20'Guest%20user'%20in%20the%20Directory%2C%20you%20can%20send%20the%20guest%20user%20a%20direct%20link%20to%20access%20a%20Shared%20application.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Q- I have an Enterprise Application (3rd Party SaaS) registerd and configured with SCIM and enabled for a group of users. I want to provide access to External users (Say Partner users) on SaaS application. Is this doable? Please suggest.

4 Replies
Yes, take a look at the Azure B2B, as this will allow your external users (partners or customers) to access your SaaS application. https://docs.microsoft.com/en-us/azure/active-directory/b2b/

@Joe Stocker 

thank you..

SaaS provider should support this B2B Guest authentication. I am checking with if they allow Guest to login on their Portal.

It should be no different than one of your internal users, because you control which Claims are sent. So for example, you can pass the userprincipalname as a claim, and as long as your SaaS application has a user account matching that userprincipalname (or email field) then it should logon just the same.

@vkumar1983 

You can invite guest users to the directory, to a Group, or to an application.
When you Invite the Guest in Azure AD the Invitation will be sent to the external user and the external user has to click on the Invite URL, Once he\she clicks on the URL the invited user's account will get created in Azure AD Automatically with a user type as 'Guest'. 

 

Once this external user is created as a 'Guest user' in the Directory, you can send the guest user a direct link to access a Shared application.