Exercise - Give guest users access in Microsoft Entra B2B

Completed

The external and internal developer teams want to work together, so you decide to create guest user access for the external developer team.

Use the Azure portal to invite business-to-business (B2B) collaboration users. You can invite guest users to a Microsoft Entra organization, group, or application. After you invite a user, their account is added to Microsoft Entra ID, with a guest user type.

After you add a guest user to the organization, send them a direct link to a shared app. Have the guest user open the redemption URL in the invitation email.

Add guest users to the organization

  1. Sign in to the Azure portal, and under Azure services, select Microsoft Entra ID. The Overview pane for your Microsoft Entra ID appears.

  2. In the left menu pane, under Manage, select Users. The All users pane appears.

  3. On the top menu bar, select New user, then select Invite external user.

    Screenshot that shows the New guest user button.

    The New user pane opens.

  4. Enter a display name and an email address to which you have access.

  5. Select Review + invite, then select Invite. An invitation is sent to the email address you provided for the guest user. The All users pane appears. Notice that the user now appears in the list of users and has Guest as User type. You might need to refresh to see the new user.

Add guest users to a group

  1. In your Microsoft Entra organization overview page, in the left menu pane, under Manage, select Groups. The All groups pane appears.

  2. Search for and select Developer group in the list of groups. The Developer group pane appears.

  3. In the left menu pane, under Manage, select Members. The Members pane appears for your developer group.

  4. On the top menu bar, select Add members. The Add members pane appears.

  5. Search for the guest account you added to the organization.

  6. Select the account, and select Select. The Members pane for your developer group appears.

    You now see the user in the list of members for this group. You might need to refresh to see the new user.

Add guest users to an application

  1. Go to your Microsoft Entra organization, and in the left menu pane, under Manage, select Enterprise applications. The Enterprise applications | All applications pane appears.

  2. On the top menu bar, select New application.

    Screenshot that shows the New Application button.

    The Browse Microsoft Entra Gallery pane appears.

  3. Search for and select DocuSign. Once the app is added, the Docusign pane appears.

  4. Select Create. The Docusign | Overview pane appears.

  5. In the left menu pane, under Manage, select Users and groups. The Users and groups pane appears for Docusign.

  6. On the top menu bar, select Add user/group.

    Screenshot that shows the Docusign application user and groups page.

    The Add Assignment pane appears.

  7. Under Users and groups, select the None Selected link. The Users and groups pane appears.

  8. Select the guest user you added in the previous exercise, and select Select. The Add Assignment pane reappears.

  9. Select Assign. The Users and groups pane for Docusign appears. You now see the user in the list for this application.

  10. To check that the correct access level is set, select the user in the list.

    Screenshot that shows the user selected on the users and groups page.

  11. On the top menu bar, select Edit. The Edit Assignment pane appears.

  12. Under Select a role, select the None Selected link. The Select a role pane appears.

  13. Select DocuSign Sender, and then select Select to make sure they have the correct access.

    Screenshot that shows role selected for user.

    The Edit Assignment pane reappears.

  14. Select Assign. The Users and groups pane appears with the proper Role assigned as DocuSign Sender for the user you selected.

  15. When the invitation arrives, the user accepts it, and can then access the application.

    Screenshot that shows the DocuSign app in the browser for the guest user after they've accepted the invitation.

You've now added a guest user to an application.

Resend invitations to guest users

If the guest user didn't receive the first email invitation, you can resend an invitation email.

  1. In your Microsoft Entra organization, in the left menu pane, under Manage, select Users. The All users pane appears.

  2. Select the user. The Profile pane for the user appears.

  3. In the B2B collaboration section, select the Resend invitation link.

  4. Select Resend.