finding out who's invited a guest


Hi,

Is it possible to determine (e.g. from the invited user's properties) which user invited a user to the directory? I'd like B2B users with limited administrator / invite user privileges to be able to invite their colleagues, and for these colleagues to be dynamically allocated to a group based on who invited them.

I guess an alternative would be to group based on the domain of their email, but I'm keen to explore all options.

Thanks,

Ed

2 Replies
I'm trying to accomplish this as well. We have now over 1400 external guests in our AAD. Need a script to be able to send a status of invited users to an employee.

Or a status report that is sent to the manager of an employee who leaves the company.

@Ed Eastwood

Interesting use case. You could periodically query the unified log for invitation events and then write the requester to one of the B2B user's attributes.

Once you have the requester in a format you can query, it would be a simple case of creating a dynamic group rule. Lots of custom code though....

Other option would be to use the B2B portal which has the ability to align groups to a domain. For example, I have a customer demo with Salesforce using the B2B portal. The B2B portal has a config for the gmail domain, which automatically assigns the user to a Salesforce group. That group is assigned to the Salesforce app and associated user/license provisioning.

When the user logs into the Access Panel, they see the Salesforce icon, which gives them SSO without any administrator interaction.

Self-service portal for Azure AD B2B collaboration sign-up

https://docs.microsoft.com/en-us/azure/active-directory/b2b/self-service-portal

*** Be careful using Dynamic Groups for B2B users, you might find yourself in a licensing predicament. "This feature requires an Azure AD Premium P1 license for each unique user that is a member of one or more dynamic groups."

Hope this helps!
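
Added example, not part of the thread or any Microsoft code: a Python sketch of the log-driven approach suggested in the reply above, which attributes each guest to the earliest successful inviter, builds the per-inviter list a status report would need, and emits a dynamic membership rule. It assumes audit records exported as JSON in the shape of Microsoft Graph `directoryAudit` entries with the activity name "Invite external user"; the sample records are constructed, and the `department` attribute and `invitedby:` prefix are hypothetical choices.

```python
import json
from collections import defaultdict

# Constructed sample records (assumed shape: Microsoft Graph directoryAudit).
SAMPLE_RECORDS = json.loads("""[
 {"activityDisplayName":"Invite external user","activityDateTime":"2019-01-10T09:00:00Z","result":"success",
  "initiatedBy":{"user":{"userPrincipalName":"bob@contoso.example"}},
  "targetResources":[{"type":"User","userPrincipalName":"alice_gmail.com#EXT#@contoso.example"}]},
 {"activityDisplayName":"Invite external user","activityDateTime":"2019-02-01T08:30:00Z","result":"success",
  "initiatedBy":{"user":{"userPrincipalName":"carol@contoso.example"}},
  "targetResources":[{"type":"User","userPrincipalName":"alice_gmail.com#EXT#@contoso.example"}]},
 {"activityDisplayName":"Invite external user","activityDateTime":"2019-02-02T10:00:00Z","result":"failure",
  "initiatedBy":{"user":{"userPrincipalName":"bob@contoso.example"}},
  "targetResources":[{"type":"User","userPrincipalName":"dave_gmail.com#EXT#@contoso.example"}]},
 {"activityDisplayName":"Invite external user","activityDateTime":"2019-02-03T11:00:00Z","result":"success",
  "initiatedBy":{"user":null,"app":{"displayName":"Provisioning app"}},
  "targetResources":[{"type":"User","userPrincipalName":"erin_gmail.com#EXT#@contoso.example"}]},
 {"activityDisplayName":"Invite external user","activityDateTime":"2019-02-04T12:00:00Z","result":"success",
  "initiatedBy":{"user":{"userPrincipalName":"Carol@contoso.example"}},
  "targetResources":[{"type":"User","userPrincipalName":"frank_gmail.com#EXT#@contoso.example"}]}
]""")

def inviter_by_guest(records):
    """Map guest UPN -> (inviter UPN, timestamp) of the earliest successful invite."""
    first = {}
    for rec in records:
        if rec.get("activityDisplayName") != "Invite external user" or rec.get("result") != "success":
            continue
        inviter = ((rec.get("initiatedBy") or {}).get("user") or {}).get("userPrincipalName")
        if not inviter:
            continue  # invited by an app, so there is no person to attribute
        for target in rec.get("targetResources") or []:
            guest = (target.get("userPrincipalName") or "").lower()  # UPNs are case-insensitive
            when = rec["activityDateTime"]  # same-format UTC ISO 8601 strings sort chronologically
            if target.get("type") == "User" and guest and (guest not in first or when < first[guest][1]):
                first[guest] = (inviter.lower(), when)
    return first

def guests_by_inviter(mapping):
    """Invert the mapping: inviter UPN -> sorted guest UPNs (input for a status report)."""
    report = defaultdict(list)
    for guest, (inviter, _when) in mapping.items():
        report[inviter].append(guest)
    return {inviter: sorted(guests) for inviter, guests in report.items()}

def dynamic_rule(inviter, attribute="department"):
    """Dynamic membership rule for one inviter; attribute and prefix are assumptions."""
    value = "invitedby:" + inviter.lower().replace('"', "")
    return f'(user.userType -eq "Guest") and (user.{attribute} -eq "{value}")'
```

A later re-invite by someone else does not change the attribution, and app-initiated or failed invitations are skipped rather than guessed at.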