What is guest user access in Azure Active Directory B2B?

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration lets you securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources. Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications like self-service sign-up portals.

Watch the video to learn how you can securely collaborate with guest users by inviting them to sign in to your company's apps and services using their own identities.

The following video provides a useful overview.

Collaborate with any partner using their identities

With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization.

  • The partner uses their own identities and credentials; Azure AD is not required.
  • You don't need to manage external accounts or passwords.
  • You don't need to sync accounts or manage account lifecycles.

Screenshot showing the Add members page

Invite guest users with a simple invitation and redemption process

Guest users sign in to your apps and services with their own work, school, or social identities. If the guest user doesn’t have a Microsoft account or an Azure AD account, one is created for them when they redeem their invitation.

  • Invite guest users using the email identity of their choice.
  • Send a direct link to an app, or send an invitation to the guest user's own Access Panel.
  • Guest users follow a few simple redemption steps to sign in.

Screenshot showing the Review permissions page

Use policies to securely share your apps and services

You can use authorization policies to protect your corporate content. Conditional access policies, such as multi-factor authentication, can be enforced:

  • At the tenant level.
  • At the application level.
  • For specific guest users to protect corporate apps and data.

Screenshot showing the Conditional access option

Easily add guest users in the Azure AD portal

As an administrator, you can easily add guest users to your organization in the Azure portal.

  • Create a new guest user in Azure AD, similar to how you'd add a new user.
  • The guest user immediately receives a customizable invitation that lets them sign in to their Access Panel.
  • Guest users in the directory can be assigned to apps or groups.

Screenshot showing the entry page for adding a guest user

Let application and group owners manage their own guest users

You can delegate guest user management to application owners so that they can add guest users directly to any application they want to share, whether it's a Microsoft application or not.

  • Administrators set up self-service app and group management.
  • Non-administrators use their Access Panel to add guest users to applications or groups.

Screenshot showing the guest user's Access Panel

Use APIs and sample code to easily build applications to onboard

Bring your external partners on board in ways customized to your organization’s needs.

  • Use the B2B collaboration invitation APIs to customize your onboarding experiences, including creating self-service sign-up portals.
  • Use the sample code we provide for a self-service portal on GitHub.

Screenshot showing a sample sign-up portal

Next steps