ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more
06 March 2017

How to manage partner identities better with Azure AD B2B

Profile photo for Marcus Idle - Head of CIAM.
Written by Marcus Idle

Remove all the hard work from linking two cloud-based Active Directories.

It’s one thing having to manage the identities of users in your organisation’s directory; how tricky must it be to add users from your partners into the mix? The task is perhaps not as great as you’d expect, thanks to Azure AD B2B collaboration.

Working out the best way to interact with partners, particularly where large numbers of users are involved, has posed a problem for IT professionals for a while. One approach taken historically has been to ‘federate’ with each partner: a way of making use of partners’ own credentials to login to the host organisation’s resources. But this activity is complex and carries an overhead per partner.

Another common approach is to manage the partner identities within the host organisation – creating and managing accounts for each partner user. But with this approach comes a lot of manual updating, and possible security risks. Thanks to Azure AD B2B, the drawbacks of these other approaches can be avoided altogether.

A service based on Microsoft’s Azure Active Directory feature, B2B makes it easier for organisations to collaborate with partners on the same web applications.

Here’s how it works

Step 1: Invite the user

Click the ‘Add User’ button in the Azure Active Directory Users page as usual, but – in the drop down menu – choose ‘Users in partner companies’. At this point (in the classic Azure portal), you will need to upload a spreadsheet of users to be added.

A sample with column headings is available from the same dialogue box, but you can include email address and name as a minimum, going on to add group IDs and more as optional extras.

Step 2: User accepts invitation

The partner user receives an email from Microsoft Azure with a link to accept the B2B invitation.

  • If the user does not yet have an Azure AD account, they will then be prompted to create a ‘work or school account’. Behind the scenes, this creates a free Azure Active Directory tenant.
  • If the user already has an Azure AD account, they will simply be prompted to sign in.

In cases where an AAD tenant is created, IT departments may subsequently take over this tenant by following the instructions here – see ‘How to perform a DNS domain name takeover’.

See the Microsoft identity stack in action – Watch today!

See the Microsoft identity stack in action – Watch today!

The Microsoft identity stack demos will show you how to:

  • Easily create new user accounts for internal employees and external contractors
  • Reduce risk through automation and password self-service capabilities
Watch now

Step 3: Application appears on “myApps”

The new partner user exists as a ‘Guest’ account within the host/originating AAD, and can be granted membership of groups in this AAD. However, the partner user’s credentials only exist in the partner AAD. This means that:

  • The partner only has to remember one set of credentials to log into their Windows computers, Azure apps and any B2B host’s Azure apps.
  • When the partner user leaves their organisation, they will no longer have access to any of the B2B host applications.


Microsoft’s Azure AD B2B enables information workers to collaborate with partners around the world. It provides them with seamless access to documents and applications, while maintaining complete control over their internal data. Its innovative new approach means that organisations can finally work together in a secure, collaborative and seamless way.

Next, watch the Microsoft identity stack demos to see how Microsoft’s key identity management technologies enable seamless user creation journeys.

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Submit your business email to join our mailing list and we'll send you 'A buyer’s guide to Microsoft Enterprise Security'.

Profile photo for Marcus Idle - Head of CIAM.

About Marcus Idle

Head of CIAM and IP Development

Marcus Idle is our Head of External Identity. Expert in Microsoft’s Azure AD B2B and B2C technologies, Marcus is passionate about bringing cloud and external identity to life to solve business...


You may also like...


Azure AD B2B vs B2C: What are the key differences between Microsoft’s external access products?


How to reduce membership friction and stay secure with Azure AD B2C


Secure application sign-in with Azure AD B2C

Recent Blog Articles

View All
Related topics

Watch – The Microsoft identity stack in action

See how you can easily create new accounts and reduce risk through automation.

Watch now

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.