Azure AD Access Package and external user experience

Copper Contributor


I have created the AzureAD Access Package for external guest users.

  1. Created a catalog

  2. Added two resources to the catalog

    • AAD security group for my external users

    • ServiceNow SSO Enterprise app they will be using to access our instance of ServiceNow.

  3. At the ServiceNow SSO app, I set up some built-in and required user attributes crucial for us (ie. address)

  4. Created an access package with the default policy,

    • with approval for 180 days of access

    • In the section "Users who can request access" I set "For users not in your directory"


When I send the link to the access package outside our organization, the guest user can fill in the Access Package request form, and the request is sent for approval. When a request is approved the guest user is not informed about it and the Azure AD account is still in a Pending acceptance state unless the guest user will not use the resource from our tenant. Then there is a popup about Permission consent from Azure for this user, and then (finally) the user gets a confirmation mail where there is a button "Get started" with a link to (see example below)


I have read the article Request process & notifications - Microsoft Entra entitlement management the diagram for the requestor shows that after the access package is approved the requestor should receive the mail. Well, as I checked it doesn't work that way. Is It a bug or not a properly documented process?


My question is - how to make it more user-friendly, so we do not need to tell guests that they need to open a specific service shared with them to accept the invitation but after the access package is accepted they receive the confirmation mail with the link to MyAccess page?





Thanks for any help





0 Replies