SOLVED

User and Group Management for Guest Users in Selected Groups


Hello there!

In our Azure environment, we collaborate with multiple companies that want to use our services (B2B). Our services use RBAC synchronized with security groups in MS Entra. Each customer company has a set of security groups within our tenant. Group membership authorizes the guest users to use our services. Now, we are looking for a way to allow a customer company administrator to add or remove users from the specific groups created for that company by themselves. However, the customer company administrator should only be able to manage their employees in the groups specifically created for their company, i.e., add or remove them. Is there a known solution for this?

Unfortunately, Administrative Units do not work for us because they require a privileged role at the global scope.

2 Replies
best response confirmed by Julian_Friederich (Copper Contributor)
Solution
Assuming the "customer administrator" accounts are also part of your directory, you can assign them as owners of the groups in question and allow management via the self-service feature. Also make sure that the relevant settings under the Entra portal are enabled.

Hi Vasil,

Thank you for sharing your thoughts!
Yes, the "Customer admin" is part of my Directory, but as a B2B Guest.
After changing the UserType property from Guest to Member, it worked exactly as you described, by assigning them as owner of the groups.

Thank you for your assistance, and have a great day!
Cheers
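
The owner-based delegation described in this thread, as an added example that is not part of the original posts: it optionally assigns one customer administrator as owner of that customer's groups, then audits every owner so that unexpected owners and owners whose UserType is still Guest stand out. It assumes the Microsoft Graph PowerShell SDK; the group name prefix and the object ID are hypothetical placeholders.

```powershell
# Added example, not code from the thread. Requires the Microsoft.Graph PowerShell SDK.
# $GroupPrefix (a naming convention for one customer's groups) and $CustomerAdminId
# (object ID of that customer's administrator account) are hypothetical placeholders.
param(
    [string]$GroupPrefix     = 'CUST-Contoso-',
    [string]$CustomerAdminId = '<object-id-of-customer-admin>',
    [switch]$Assign          # without this switch the script only audits
)

Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# All groups that belong to this customer, selected by the assumed prefix.
$groups = Get-MgGroup -Filter "startswith(displayName,'$GroupPrefix')" -All

if ($Assign) {
    foreach ($group in $groups) {
        $ownerIds = @(Get-MgGroupOwner -GroupId $group.Id -All).Id
        if ($ownerIds -notcontains $CustomerAdminId) {
            # Add the customer administrator as owner of this group only.
            New-MgGroupOwnerByRef -GroupId $group.Id -BodyParameter @{
                '@odata.id' = "https://graph.microsoft.com/v1.0/users/$CustomerAdminId"
            }
        }
    }
}

# Audit: one row per (group, owner) pair.
$report = foreach ($group in $groups) {
    foreach ($owner in @(Get-MgGroupOwner -GroupId $group.Id -All)) {
        # Owners can also be service principals; those have no user record.
        $user = Get-MgUser -UserId $owner.Id -Property Id,UserPrincipalName,UserType `
                    -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Group    = $group.DisplayName
            Owner    = if ($user) { $user.UserPrincipalName } else { $owner.Id }
            UserType = if ($user) { $user.UserType } else { 'non-user' }
            Expected = ($owner.Id -eq $CustomerAdminId)
        }
    }
}

$report | Sort-Object Group, Owner | Format-Table -AutoSize

# Rows to review: owners other than the expected administrator, and owners
# that are not of UserType Member.
$report | Where-Object { -not $_.Expected -or $_.UserType -ne 'Member' }
```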