Jan 16 2024 08:40 AM - edited Jan 16 2024 08:41 AM
Hello there!
In our Azure environment, we collaborate with multiple companies that want to use our services (B2B). Our services use RBAC synchronized with security groups in MS Entra. Each customer company has a set of security groups within our tenant. Group membership authorizes the guest users to use our services. Now, we are looking for a way to allow a customer company administrator to add or remove users from the specific groups created for that company themselves. However, the customer company administrator should only be able to manage their employees in the groups specifically created for their company, i.e., add or remove them. Is there a known solution for this?
Unfortunately, Administrative Units do not work for us because they require a privileged role at the global scope.
Jan 17 2024 12:41 AM
Solution Jan 17 2024 03:05 AM