
What is guest user access in Azure Active Directory B2B?

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration lets you securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources. Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications like self-service sign-up portals.

Watch the video to learn how you can securely collaborate with guest users by inviting them to sign in to your company's apps and services using their own identities.

The following video provides a useful overview.

Collaborate with any partner using their identities

With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization.

  • The partner uses their own identities and credentials; Azure AD is not required.
  • You don't need to manage external accounts or passwords.
  • You don't need to sync accounts or manage account lifecycles.

Screenshot showing the Add members page

Invite guest users with a simple invitation and redemption process

Guest users sign in to your apps and services with their own work, school, or social identities. If the guest user doesn't have a Microsoft account or an Azure AD account, one is created for them when they redeem their invitation.

  • Invite guest users using the email identity of their choice.
  • Send a direct link to an app, or send an invitation to the guest user's own Access Panel.
  • Guest users follow a few simple redemption steps to sign in.

Screenshot showing the Review permissions page

Use policies to securely share your apps and services

You can use authorization policies to protect your corporate content. Conditional Access policies, such as multi-factor authentication, can be enforced:

  • At the tenant level.
  • At the application level.
  • For specific guest users to protect corporate apps and data.

Screenshot showing the Conditional Access option

Easily add guest users in the Azure AD portal

As an administrator, you can easily add guest users to your organization in the Azure portal.

  • Create a new guest user in Azure AD, similar to how you'd add a new user.
  • The guest user immediately receives a customizable invitation that lets them sign in to their Access Panel.
  • Guest users in the directory can be assigned to apps or groups.

Screenshot showing the New Guest User invitation entry page

Let application and group owners manage their own guest users

You can delegate guest user management to application owners so that they can add guest users directly to any application they want to share, whether it's a Microsoft application or not.

  • Administrators set up self-service app and group management.
  • Non-administrators use their Access Panel to add guest users to applications or groups.

Screenshot showing the Access Panel for a guest user

Use APIs and sample code to easily build applications to onboard

Bring your external partners on board in ways customized to your organization's needs.

Screenshot showing a sample sign-up portal
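
A self-service sign-up portal like the one mentioned above should validate each request before asking Azure AD to send an invitation. The following is an added example, not Microsoft's sample code: it builds the request body for the Microsoft Graph invitation API (`POST /v1.0/invitations`) only after checking the invitee's domain against an allowlist. The allowlist, redirect URL, and function and class names are assumptions.

```python
import json
import re

# Microsoft Graph endpoint that creates B2B invitations (called with POST).
GRAPH_INVITATIONS_URL = "https://graph.microsoft.com/v1.0/invitations"

# Assumption: partner domains this organization has approved (constructed values).
ALLOWED_PARTNER_DOMAINS = {"fabrikam.example", "partner.example"}

# Assumption: the app guests land on after redemption (constructed value).
REDIRECT_URL = "https://portal.contoso.example/welcome"

_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


class InvitationRejected(ValueError):
    """Raised when a sign-up request must not become an invitation."""


def build_invitation(email: str, display_name: str) -> dict:
    """Validate a self-service sign-up request and return the Graph request body."""
    email = email.strip()
    match = _EMAIL_RE.fullmatch(email)
    if match is None:
        # Rejects embedded CR/LF, multiple '@' signs, and empty local or domain parts.
        raise InvitationRejected("malformed email address")
    domain = match.group(1).lower()
    if domain not in ALLOWED_PARTNER_DOMAINS:
        # Exact match only: 'fabrikam.example.evil.test' must not pass.
        raise InvitationRejected(f"domain not approved: {domain}")
    # Drop control characters so the name cannot alter the invitation email layout.
    clean_name = "".join(ch for ch in display_name if ch.isprintable()).strip()[:64]
    return {
        "invitedUserEmailAddress": email,
        "invitedUserDisplayName": clean_name or email,
        "inviteRedirectUrl": REDIRECT_URL,
        "sendInvitationMessage": True,
    }


if __name__ == "__main__":
    body = build_invitation("alex@fabrikam.example", "Alex Wilber")
    print("POST", GRAPH_INVITATIONS_URL)
    print(json.dumps(body, indent=2))
```

The portal's backend would send the returned body to the endpoint with an access token that holds invitation permission; token acquisition is outside this example.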

Next steps