Azure AD B2B collaboration direct federation with SAML and WS-Fed providers now in public preview

Published Jul 08 2019 09:00 AM

Howdy folks,

 

We’ve been making it easier to work with your partners by enabling you to collaborate with them using their existing identities, regardless of whether they use Azure AD or not. We already support Google social IDs as well as any email account. As a next major step in this direction, I’m excited to announce that we have a new capability—direct federation—now in public preview!

 

Direct federation makes it easier for you to work with partners whose IT-managed identity solution is not Azure AD. It works with identity systems that support the SAML or WS-Fed standards. When you set up a direct federation relationship with a partner, any new guest user you invite from that domain can collaborate with you using their existing organizational account. This makes the user experience for your guests more seamless.

With direct federation, your guest users sign in with their organizational account, satisfying any security requirements that your partner organization has already implemented. Any additional security controls you implement for guest users, such as stronger proof of ownership for Multi-Factor Authentication (MFA), also apply to these users. When your guest leaves their organization, they no longer have access to resources.

Figure 1. User authentication journey using direct federation.

Let’s walk through what happens when a user signs in with direct federation:

  1. The direct federation user clicks a link to an application or resource you have shared with them.
  2. Azure AD checks to see if the user has been invited.
  3. The user is redirected to their identity provider for sign-in.
  4. After successful sign-in, the user is returned to Azure AD.
  5. Azure AD validates the token, then sends the user to the app for access. (Figure 1)

Watch this video to learn more about how direct federation works and other identities we support.

 

Figure 2. Setting up direct federation in Azure AD—Organizational relationships.

To try direct federation in the Azure portal, go to Azure Active Directory > Organizational relationships - Identity providers, where you can populate your partner’s identity provider metadata details by uploading a file or entering the details manually (Figures 2 and 3). During public preview, we only support direct federation with an identity provider whose authentication URL matches the target domain for direct federation or belongs to a standard identity provider.

 

Figure 3. Populating direct federation metadata in Azure AD.
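
A pre-flight check for the public-preview restriction above, run against a partner's SAML metadata file before it is uploaded. This is an added example, not Microsoft's code: the `fabrikam.example` metadata is constructed, and `known_idp_hosts` is a hypothetical allow-list for the "standard identity provider" case, which this post does not enumerate.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample metadata for a hypothetical partner domain, fabrikam.example.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.fabrikam.example/adfs/services/trust">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sts.fabrikam.example/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def host_in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (label-aligned)."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def parse_idp_metadata(xml_text):
    """Extract entity ID, sign-in endpoints and signing certs from IdP metadata."""
    # Partner metadata is untrusted input: refuse DTDs (entity expansion) outright.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("metadata must not contain a DOCTYPE")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = [(e.get("Binding"), e.get("Location", ""))
           for e in idp.findall(MD + "SingleSignOnService")]
    certs = []
    for kd in idp.findall(MD + "KeyDescriptor"):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute = any purpose
            certs += [c.text.strip()
                      for c in kd.iter(DS + "X509Certificate") if c.text]
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def preflight(xml_text, target_domain, known_idp_hosts=frozenset()):
    """Return a list of findings; an empty list means the metadata passes.

    known_idp_hosts is a hypothetical allow-list (assumption): fill it from
    the product documentation, since the post does not list those providers.
    """
    md = parse_idp_metadata(xml_text)
    findings = []
    if not md["sso"]:
        findings.append("no SingleSignOnService endpoint")
    for _binding, location in md["sso"]:
        url = urlsplit(location)
        host = url.hostname or ""
        if url.scheme != "https":
            findings.append(f"non-HTTPS sign-in URL: {location}")
        allowed = host_in_domain(host, target_domain) or any(
            host_in_domain(host, h) for h in known_idp_hosts)
        if not allowed:
            findings.append(
                f"sign-in host {host!r} is outside target domain {target_domain!r}")
    if not md["signing_certs"]:
        findings.append("no signing certificate: tokens could not be validated")
    return findings


if __name__ == "__main__":
    for line in preflight(SAMPLE_METADATA, "fabrikam.example") or ["OK"]:
        print(line)
```

The suffix match is aligned on DNS labels, so a lookalike host such as `sts.notfabrikam.example` is reported rather than accepted.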

Go ahead and dive into the documentation to try out direct federation and learn more! Let us know what you think by taking our brief survey.

 

And as always, connect with us for any discussion or send us your feedback and suggestions. You know we’re listening! 

 

Best regards,

 

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

documentation%20to%20try%20out%20direct%20federation%20and%20learn%20more!%20Let%20us%20know%20what%20you%20think%20by%20taking%20our%20-ERR%3AREF-NOT-FOUND-brief%20survey.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20as%20always%2C%20connect%20with%20us%20for%20any%20-ERR%3AREF-NOT-FOUND-discussion%20or%20send%20us%20your%20-ERR%3AREF-NOT-FOUND-feedback%20and%20suggestions.%20You%20know%20we%E2%80%99re%20listening!%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20regards%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlex%20Simons%20(-ERR%3AREF-NOT-FOUND-%40Alex_A_Simons%E2%80%AF)%3C%2FP%3E%0A%3CP%3ECorporate%20VP%20of%20Program%20Management%3C%2FP%3E%0A%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-735133%22%20slang%3D%22en-US%22%3E%3CP%3EOur%20new%20capability%E2%80%94direct%20federation%E2%80%94makes%20it%20easier%20to%20work%20with%20partners%20whose%20IT%20managed%20identity%20solution%20is%20not%20Azure%20AD.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Direct%20federation%201.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F122089iF348270A88A7286F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Direct%20federation%201.png%22%20alt%3D%22Direct%20federation%201.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-735133%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIdentity%20and%20Access%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1807001%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20B2B%20collaboration%20direct%20federation%20with%20SAML%20and%20WS-Fed%20providers%20now%20in%20public%20previe%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1807001%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20federated%20domain%20
users%20can%20access%20the%20applications%20of%20Azure%20AD%20when%20federated%20domain%20is%20third%20party%20IDP%20i.e.%20Onelogin%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1950828%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20B2B%20collaboration%20direct%20federation%20with%20SAML%20and%20WS-Fed%20providers%20now%20in%20public%20previe%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1950828%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20folks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMay%20someone%20confirm%20whether%20Direct%20Federation%20can%20be%20used%20to%20connect%20Azure%20AD%20to%20another%20Azure%20AD%20tenant%3F%20%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EWould%20like%20some%20users%20in%20a%20MS365%20Education%20tenant%20to%20have%20access%20to%20resources%20in%20separate%20corporate%20tenant.%20%26nbsp%3BBoth%20tenants%20are%20owned%20by%20same%20organization.%20%26nbsp%3BIs%20there%20another%20better%20way%20to%20do%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3EKhalyl%3C%2FP%3E%3C%2FLINGO-BODY%3E
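The public-preview restriction in the post above (the identity provider's authentication URL must match the target domain or belong to a standard identity provider) can be checked against a partner's SAML 2.0 metadata file before it is uploaded. This is an added example, not code from the post or from Microsoft. It assumes that "matches" means the same domain or a subdomain of it, that the caller supplies the list of standard identity provider domains, and it uses constructed sample metadata and hypothetical function names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample metadata for a hypothetical partner (not from the post).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.partner.example/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sts.partner.example/saml/sso"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://partner.example.idp-host.test/saml/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def host_matches(host, domain):
    """True if host equals domain or is a subdomain of it (assumed reading of 'matches')."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_idp_metadata(xml_text, target_domain, standard_idp_domains=()):
    """Return (entity_id, [(sign-in URL, verdict), ...]) for a SAML metadata document."""
    if "<!DOCTYPE" in xml_text:  # partner files are untrusted: refuse DTDs/entities
        raise ValueError("DOCTYPE not allowed in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("expected a SAML 2.0 EntityDescriptor")
    findings = []
    for sso in root.iter(MD + "SingleSignOnService"):
        location = sso.get("Location", "")
        url = urlsplit(location)
        host = url.hostname or ""
        if url.scheme != "https":  # extra hygiene check, not a rule stated in the post
            verdict = "reject: not https"
        elif host_matches(host, target_domain):
            verdict = "ok: matches target domain"
        elif any(host_matches(host, d) for d in standard_idp_domains):
            verdict = "ok: standard identity provider"
        else:
            verdict = "reject: domain mismatch"
        findings.append((location, verdict))
    return root.get("entityID"), findings
```

The second endpoint in the sample embeds the target domain as a prefix of an unrelated host, which is why the comparison is done on whole DNS labels from the right rather than with a substring test.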
Version history
Last update:
‎Aug 19 2021 04:21 PM
Updated by: