cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Tenant Restrictions and B2B

Keith Potter
Copper Contributor

‎Jul 06 2017 09:21 AM - last edited on ‎Jan 14 2022 04:48 PM by

‎Jul 06 2017 09:21 AM - last edited on ‎Jan 14 2022 04:48 PM by

Tenant Restrictions and B2B

Will the implementation of tenant restrictions via proxy header injection prevent users in our directory who were invited as B2B guest users to another tenant from accessing that partner tenant from our network where tenant restrictions are in place?  I posed this question at a MS tech summit and was told no - the answer given was that as the authentication takes place in in the invitee's (our) tenant (as the identity directory).   But isn't the access security token given by the resource tenant with their tenant ID?  My own testing with Fiddler has confirmed that indeed I cannot access a resource tenant as a guest user that isn't included in 'Restrict-Access-To-Tenants' in our proxy header.

 

This would mean updating on the proxy a list of organizations that we could partner with as invitees, which makes the feature not as practical or useful as we originally thought.

 

Is there any thought of whitelisting companies for outgoing and incoming B2B relationships that can be maintained at the tenant level?

 

Many thanks!

 

 

Labels:
4,631 Views
2 Likes
3 Replies
Reply
3 Replies
Girish Duvuru

‎Jul 06 2017 09:29 AM

‎Jul 06 2017 09:29 AM

Re: Tenant Restrictions and B2B

We have a allow / deny list coming up for managing outgoing relationships, but what is your scenario for restricting incoming relationships?

1 Like
Reply
Keith Potter

‎Jul 06 2017 09:55 AM - edited ‎Jul 06 2017 09:59 AM

‎Jul 06 2017 09:55 AM - edited ‎Jul 06 2017 09:59 AM

Re: Tenant Restrictions and B2B

With tenant restrictions in place via our proxy (allowing only our tenant/domain), is there a way that the access token can be granted to our users as guests of allowed partners we identify within our tenant? Tenant restrictions is great for preventing users to access tenants where they may have accounts, but how can we make this work for user accounts which exist in our own directory when invited as guest?

And either way, it would be useful to have a whitelist of organizations that our users are allowed to be invited as guests to.  Or auditing of such?

0 Likes
Reply
Sarat Subramaniam

‎Jul 06 2017 09:58 AM

‎Jul 06 2017 09:58 AM

Re: Tenant Restrictions and B2B

Hi Keith - that's a great scenario and we'll definitely consider this feature request.
1 Like
Reply