Azure AD Access Package and external user experience


Hi,

I have created the Azure AD Access Package for external guest users.

  1. Created a catalog

  2. Added two resources to the catalog

    • AAD security group for my external users

    • ServiceNow SSO Enterprise app they will be using to access our instance of ServiceNow.

  3. At the ServiceNow SSO app, I set up some built-in and required user attributes crucial for us (i.e. address)

  4. Created an access package with the default policy,

    • with approval for 180 days of access

    • In the section "Users who can request access" I set "For users not in your directory"

 

When I send the link to the access package outside our organization, the guest user can fill in the Access Package request form, and the request is sent for approval. When a request is approved, the guest user is not informed about it, and the Azure AD account is still in a Pending acceptance state unless the guest user will not use the resource from our tenant. Then there is a popup about Permission consent from Azure for this user, and then (finally) the user gets a confirmation mail where there is a button "Get started" with a link to https://myaccess.microsoft.com/@company.onmicrosoft.com#/access-packages/active/c818e727-xxxx-xxxx-x... (see example below)

 

I have read the article "Request process & notifications - Microsoft Entra entitlement management". The diagram for the requestor shows that after the access package is approved, the requestor should receive the mail. Well, as I checked, it doesn't work that way. Is it a bug or not a properly documented process?

 

My question is: how to make it more user-friendly, so we do not need to tell guests that they need to open a specific service shared with them to accept the invitation, but after the access package is accepted they receive the confirmation mail with the link to the MyAccess page?

 

 

mziemba_1-1700040281803.png

 

Thanks for any help

/Mike

 

 

 
