
Azure AD B2B SHAREPOINT ONLINE COLLABORATION WITH EXTERNAL PARTNERS MADE SIMPLE Jose L Arbelaez – Enterprise Architect.



Presentation transcript:

1 Azure AD B2B SHAREPOINT ONLINE COLLABORATION WITH EXTERNAL PARTNERS MADE SIMPLE Jose L Arbelaez – Enterprise Architect

2 What is the future of SharePoint? Discussion led by Jeff Teper
Jeff Teper, Microsoft Corporate Vice President of OneDrive and SharePoint, will lead us in discussing the future of the platform and then take your questions. Join us at 4pm for our final SPS Nashville session for all attendees in the State Farm room (volunteers will be providing directions to the hall).

3 About Me
 Enterprise Architect for Digital Collaboration, Communications and IoT
 8 years of SharePoint experience
 Favorite things in SharePoint: building workflows, forms, search
 I love solving technical problems
 Music composer: film scores, electronic and classical music

4 Connect with Me
http://JoseArbelaez.com
@jlarbelaez
jlarbelaez@live.com

5 Terms and Concepts
 B2B: Business to Business
 Authentication: Where identities are validated
 Authorization: Where access is defined
 Federation: A pair of realms or domains that have established a federation trust
 STS: Secure Token Service
 Azure ACS: Azure Access Control Service

6 Background
Before Azure AD B2B, companies had two ways to solve this problem:
 Internally managed partner identities
 Inter-company federation relationships

7 Internally managed partner identities
Issues:
 Accounts are not disabled when the partner employee leaves the company
 Overhead on your internal IT to manage yet another directory (account provisioning, password resets, profile information changes, etc.)

8 Inter-company federation relationships
[Diagram: Partner users -> Partner STS -> SAML token -> Company ADFS (trust) / Azure ACS -> Azure AD (Cloud) <- Company users]
Requires coordination and work with the partner's IT.
Issues:
 Smaller companies do not have the server infrastructure to configure and manage federation.
 Complexity around managing multiple federation relationships with multiple partners.
 Difficulty in compliance due to limited user visibility

9 How does Azure AD B2B solve this problem?
Azure AD B2B allows partner-managed identities to access your corporate applications, such as SharePoint Online, without your having to manage the identity itself. Azure AD provides a single point of federation where each user has a single Azure AD account. Azure AD also allows non-federated business partners to sign up for Azure AD accounts.

10 Azure AD B2B model
[Diagram: Company ADFS -trust-> Company Azure AD (SAML token for Company users); New Partner Azure AD issues SAML tokens for partner users without a 365 tenancy; Existing Partner Azure AD -trust-> Company Azure AD for partner users with an existing 365 tenancy; all in the Cloud]

11 Caution! You are about to see a DEMO Let’s hope not to upset the DEMO gods

12 Prerequisites:
1. Install the required PowerShell software to connect to Office 365: https://technet.microsoft.com/library/dn975125.aspx
 Install the Microsoft Online Services Sign-in Assistant
 Install the Windows Azure Active Directory Module for Windows PowerShell
You can also find instructions on how to configure Azure PowerShell here: https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/

13 The following scenarios are based on a fictional company called JLAnet. In this case, the JLAnet corporation will create a SharePoint Online site collection for partner collaboration and send invitations to external partners.
Steps:
1. Create a SharePoint site collection, for example: https://jlanet.sharepoint.com/sites/partnerportal
2. In the SharePoint Admin Center, select the newly created site collection and click on 'Sharing'

14 3. In the Sharing options, ensure that either the second or the third sharing option is selected.

15 4. Create a security group for partner accounts in Office 365. For this demo, we will create a group called 'spsnashville'
5. Obtain the group's Object ID by looking at the group's properties in Azure AD. In this case the ID is: 25bbaa93-07a3-4302-85ac-5201dd059f6a

16 6. Go to the SharePoint site collection you intend to share and grant permissions to your newly created group:

17 7. Prepare your invitation CSV file
Source: https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2b-references-csv-file-format/
Required Fields
 Email: External partner's email address
 DisplayName: Display name for the external partner (First and Last Name)
Optional Fields
 InvitationText: Customize invitation email text after app branding and before the redemption link.
 InvitedToApplications: AppIDs of corporate applications to assign users to. AppIDs are retrievable in PowerShell by calling Get-MsolServicePrincipal | fl DisplayName, AppPrincipalId
 InvitedToGroups: ObjectIDs of groups to add the user to. ObjectIDs are retrievable in PowerShell by calling Get-MsolGroup | fl DisplayName, ObjectId
 InviteRedirectURL: URL to direct an invited user to after invite acceptance. This should be a company-specific URL (such as contoso.my.salesforce.com). If this optional field is not specified, the invited user is directed to the App Access Panel where they can navigate to your chosen corporate apps. The App Access Panel URL is of the form https://account.activedirectory.windowsazure.com/applications/default.aspx?tenantId=.
 CcEmailAddress: Email address to copy the emailed invitation to. If the CcEmailAddress field is used, this invitation cannot be used for email-verified user or tenant creation.
 Language: Language for the invitation email and redemption experience, with "en" (English) as the default when unspecified. The other 10 supported language codes are: de: German, es: Spanish, fr: French, it: Italian, ja: Japanese, ko: Korean, pt-BR: Portuguese (Brazil), ru: Russian, zh-HANS: Simplified Chinese, zh-HANT: Traditional Chinese

18 8. Your CSV will look similar to this. You can add as many users as you need.
9. It is now time to invite your external users. In Azure AD, go to Users and select Create. You will see a window similar to this, where you will select 'Users in partner companies' as the user type. You will then see the option to upload your CSV file.
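An added example (not from the deck) that prepares and sanity-checks the invitation CSV in PowerShell using the field names from step 7, so that rows the upload would reject are caught locally first. The group ObjectId is the demo's 'spsnashville' value, the portal URL is the demo site collection, and the partner rows are constructed sample data.

```powershell
# Added example: build an Azure AD B2B invitation CSV and validate it against
# the constraints described on the slides before uploading it in Azure AD.
$GroupObjectId    = '25bbaa93-07a3-4302-85ac-5201dd059f6a'   # from Get-MsolGroup | fl DisplayName, ObjectId
$PortalUrl        = 'https://jlanet.sharepoint.com/sites/partnerportal'
$SupportedLangs   = @('en','de','es','fr','it','ja','ko','pt-BR','ru','zh-HANS','zh-HANT')
$MaxRecordsPerCsv = 2000                                      # CSV limit noted under "Things to Keep in Mind"

# Constructed sample partners; in practice import these from your own partner list.
$partners = @(
    [pscustomobject]@{ Email = 'alice@partner-a.example'; DisplayName = 'Alice Example'; Language = 'en'; CcEmailAddress = '' },
    [pscustomobject]@{ Email = 'bob@partner-b.example';   DisplayName = 'Bob Example';   Language = 'de'; CcEmailAddress = 'sponsor@jlanet.example' },
    [pscustomobject]@{ Email = 'not-an-email';            DisplayName = '';              Language = 'xx'; CcEmailAddress = '' }
)

$rows = foreach ($p in $partners) {
    # Required fields: Email must be a plausible address and DisplayName must be present.
    if ([string]::IsNullOrWhiteSpace($p.Email) -or $p.Email -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        Write-Warning "Skipping row with invalid Email '$($p.Email)'"; continue
    }
    if ([string]::IsNullOrWhiteSpace($p.DisplayName)) {
        Write-Warning "Skipping $($p.Email): DisplayName is required"; continue
    }
    # Optional Language must be a supported code; otherwise fall back to the default 'en'.
    $lang = if ($SupportedLangs -contains $p.Language) { $p.Language } else { 'en' }
    # CcEmailAddress disables email-verified user/tenant creation, which partners
    # without an existing 365 tenancy rely on, so flag it rather than silently emit it.
    if ($p.CcEmailAddress) {
        Write-Warning "$($p.Email): CcEmailAddress set; invite cannot be used for email-verified tenant creation"
    }
    [pscustomobject]@{
        Email             = $p.Email
        DisplayName       = $p.DisplayName
        InvitationText    = 'Welcome to the JLAnet partner portal.'
        InvitedToGroups   = $GroupObjectId      # adds the guest to the group granted on the site collection
        InviteRedirectURL = $PortalUrl          # send the partner straight to the portal after redemption
        CcEmailAddress    = $p.CcEmailAddress
        Language          = $lang
    }
}

if ($rows.Count -gt $MaxRecordsPerCsv) { throw "CSV limit is $MaxRecordsPerCsv records; split the file." }
$rows | Export-Csv -Path '.\b2b-invitations.csv' -NoTypeInformation -Encoding UTF8
```

With the sample data, the third row is skipped with a warning and the resulting b2b-invitations.csv contains the two valid partners, ready for upload in step 9.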

19 10. Your partner will receive an email with the invitation sent from Microsoft. The email contains the link to redeem the invitation

20 11. If the user is already part of a 365 tenancy, he/she will receive a message similar to this:

21 12. Your partner will then be logged in to your partner portal

22 When a partner does not have an existing 365 tenancy, he/she will be prompted to set up an account. If this is the first time an account from the partner domain is registered, Azure will create a new Azure AD tenancy for that partner's domain.

23 After successfully entering a verification code, the partner will be redirected to the login page for access.

24 Tracking the change in User Name in Azure AD can help you troubleshoot whether or not a partner user has redeemed their B2B collaboration invitation. The User Name attribute changes from the User Principal Name (user_partnerdomain.com#EXT#@yourdomain.com) to the sign-in name (user@partnerdomain.com).

25 Things to Keep in Mind
 B2B for Yammer is not yet possible but is part of the roadmap
 There are no APIs to perform all these steps in PowerShell yet. That is on the roadmap but not in the near future
 Invites will not work if another user in your AAD is using the same email. You must delete the existing account in order to create a B2B user with the same email.
 The invitation email comes from Microsoft and there is no way to customize the branding of the email itself
 The user sending the invite must be a global admin in 365
 The maximum number of records allowed per CSV is 2,000
 Enforcing multifactor authentication is not supported yet for B2B users

26 References: https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2b-detailed-walkthrough/

27 Remember to follow @SPSNashville and tag #SPSNashville in your posts!
[Sponsor logos: Platinum Sponsors, Gold Sponsors, Silver Sponsors]
Thank You for being a part of SharePoint Saturday Nashville!

