Mar 17 2021 - last edited on Jan 14 2022
Azure AD has allowed multiple controls for managing guest users to reduce their potential security risk, but it also leaves some broken functionality here and there. For instance, consider the following use case:
Company A has published an app that guest users from Company B can access. In order to delegate management, a new group was created, and a guest user from Company B is made an owner of it. This user (let's say John) can decide, based on group membership, which of his colleagues from Company B can access this app.
It seems there is a problem between having too few or too many permissions for a guest user, which either prevents productivity or exposes security risks.
What would be the best way to solve for this scenario?