Azure AD B2B Collaboration provides customers with an easy way to share applications and collaborate with people from any organization, whether or not they have Azure AD or an IT department. We’ve been working to make B2B Collaboration even more seamless by helping partners bring their own identity. For example, last summer we announced support for Google social IDs.
Today, I'm thrilled to announce the next major step for B2B Collaboration—the public preview of email one-time passcodes (OTP), which lets you support B2B sharing with anyone in the world with an email account!
With email OTP, any partner who doesn't have an existing Microsoft-backed account or Google social ID can access shared resources and collaborate without having to create a new account. When you invite a guest who doesn't have an Azure AD, Google, or Microsoft Account, they can use their existing email account to collaborate. Each time they sign in, Azure AD sends a one-time passcode to that email address, which they enter to prove they still control the inbox.
With this capability, guests authenticate with the work email account they already have, while your corporate resources stay under the security standards your own organization mandates. Email OTP guests are subject to your tenant's policies like any other guest, so you can optionally apply additional controls through conditional access and Multi-Factor Authentication (MFA).
Guests using email OTP are just like any other B2B guests, and they have access to the same Azure AD features.
Our Email OTP capability also has built-in lightweight lifecycle management. Each authentication session lasts only 24 hours, after which guests have to re-authenticate with a new email OTP. This means that every 24 hours your guests have to prove they still have access to their work email inbox. Because the proof is inbox access rather than employment status, this catches departed partner employees only as quickly as the partner organization disables their mailboxes; removing the guest object from your directory remains your responsibility.
Email OTP enables you to collaborate with anyone, no matter where they are in their cloud journey. If your partner organization is not yet in the cloud or is running a hybrid environment, its on-premises users can simply sign in with email OTP instead of requiring cloud sync, federation, or another solution.
Let me walk you through the user sign-in experience. At redemption time and on subsequent authentications, the guest sees a sign-in prompt that asks them to request a code.
Then, they receive a one-time passcode via email, which they enter to sign in.
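To make the mechanics of the flow described above concrete (request a code, prove inbox ownership by entering it, get a session that expires after 24 hours, then repeat), here is an added illustrative model written for this page. It is not Azure AD's implementation and is not code from the original post. The 24-hour session lifetime comes from the post; the 8-digit code format, the 10-minute code validity, the 5-attempt limit, the guest address, and all class and function names are assumptions chosen for the example. The outbox list stands in for the partner's mailbox so the whole exchange runs offline.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

SESSION_TTL = 24 * 60 * 60   # from the post: a guest session lasts 24 hours
CODE_TTL = 10 * 60           # assumption: an emailed passcode is valid for 10 minutes
MAX_ATTEMPTS = 5             # assumption: wrong guesses allowed before the code is voided


@dataclass
class PendingCode:
    code_hash: bytes      # never store the passcode itself, only a digest
    expires_at: float
    attempts: int = 0


@dataclass
class Session:
    email: str
    expires_at: float


class EmailOtpAuthenticator:
    """Illustrative email-OTP verifier; hypothetical, not Azure AD's own code."""

    def __init__(self, send_email, now=time.time):
        self.send_email = send_email   # callable(to_address, code) delivering the mail
        self.now = now                 # injectable clock so expiry can be simulated
        self.pending = {}              # email -> PendingCode
        self.sessions = {}             # opaque token -> Session

    @staticmethod
    def _digest(email, code):
        return hashlib.sha256(f"{email.lower()}:{code}".encode()).digest()

    def request_code(self, email):
        """Step 1: guest asks for a code; a fresh random passcode is mailed to the inbox."""
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[email.lower()] = PendingCode(self._digest(email, code), self.now() + CODE_TTL)
        self.send_email(email, code)

    def redeem_code(self, email, code):
        """Step 2: guest enters the passcode. Returns a session token, or None on failure."""
        key = email.lower()
        entry = self.pending.get(key)
        if entry is None or self.now() > entry.expires_at:
            self.pending.pop(key, None)         # stale or unknown code: force a new request
            return None
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self.pending[key]               # too many guesses voids the code
            return None
        if not hmac.compare_digest(entry.code_hash, self._digest(email, code)):
            return None                         # wrong code; constant-time compare
        del self.pending[key]                   # a passcode is single-use
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(key, self.now() + SESSION_TTL)
        return token

    def check_session(self, token):
        """Returns the guest's email while the 24-hour session is valid, else None."""
        session = self.sessions.get(token)
        if session is None:
            return None
        if self.now() > session.expires_at:
            del self.sessions[token]            # expired: guest must redeem a new OTP
            return None
        return session.email


class FakeClock:
    """Simulated clock so the example can jump forward without sleeping."""
    def __init__(self, start=1_700_000_000.0):
        self.t = start
    def __call__(self):
        return self.t
    def advance(self, seconds):
        self.t += seconds


def simulate():
    """Walk one guest through the flow and report what happened at each step."""
    clock = FakeClock()
    outbox = []   # constructed stand-in for the partner user's inbox
    auth = EmailOtpAuthenticator(send_email=lambda to, code: outbox.append((to, code)), now=clock)
    guest = "partner.user@contoso.example"   # constructed address

    auth.request_code(guest)
    _, stale = outbox[-1]
    clock.advance(CODE_TTL + 1)                       # guest waits too long
    stale_rejected = auth.redeem_code(guest, stale) is None

    auth.request_code(guest)
    _, code = outbox[-1]
    wrong = "00000000" if code != "00000000" else "11111111"
    wrong_rejected = auth.redeem_code(guest, wrong) is None
    token = auth.redeem_code(guest, code)
    replay_rejected = auth.redeem_code(guest, code) is None

    clock.advance(23 * 3600)
    valid_at_23h = auth.check_session(token)
    clock.advance(2 * 3600)                           # now 25 h after sign-in
    after_24h = auth.check_session(token)

    auth.request_code(guest)                          # re-prove inbox ownership
    _, second_code = outbox[-1]
    second_token = auth.redeem_code(guest, second_code)

    return {
        "stale_code_rejected": stale_rejected,
        "wrong_code_rejected": wrong_rejected,
        "first_login_ok": token is not None,
        "replay_rejected": replay_rejected,
        "session_valid_at_23h": valid_at_23h,
        "session_after_24h": after_24h,
        "second_login_ok": second_token is not None,
        "emails_sent": len(outbox),
    }


if __name__ == "__main__":
    for step, result in simulate().items():
        print(f"{step}: {result}")
```

The properties worth noting are the ones the post relies on: the passcode is bound to one address, stored only as a digest, single-use, time-limited and guess-limited, and the session it yields dies after 24 hours regardless of activity, so the guest has to demonstrate inbox access again.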