|
1 | 1 | --- |
2 | 2 |
|
3 | 3 | title: Add B2B collaboration users as an information worker - Azure Active Directory | Microsoft Docs |
4 | | -description: B2B collaboration allows information workers to add users from their organization to Azure AD for access | Microsoft Docs |
| 4 | +description: B2B collaboration allows information workers and app owners to add guest users to Azure AD for access | Microsoft Docs |
5 | 5 |
|
6 | 6 | services: active-directory |
7 | 7 | ms.service: active-directory |
8 | 8 | ms.component: B2B |
9 | 9 | ms.topic: article |
10 | | -ms.date: 05/11/2018 |
| 10 | +ms.date: 08/08/2018 |
11 | 11 |
|
12 | 12 | ms.author: mimart |
13 | 13 | author: msmimart |
14 | 14 | manager: mtillman |
15 | | -ms.reviewer: sasubram |
| 15 | +ms.reviewer: mal |
16 | 16 |
|
17 | 17 | --- |
18 | 18 |
|
19 | | -# How do information workers add B2B collaboration users to Azure Active Directory? |
| 19 | +# How users in your organization can invite guest users to an app |
20 | 20 |
|
21 | | -Information workers can use the [Application Access Panel](http://myapps.microsoft.com) to add B2B collaboration users to groups and applications that they administer. |
| 21 | +After a guest user has been added to the directory in Azure AD, an application owner can send the guest user a direct link to the app they want to share. Azure AD admins can also set up self-service management so that application owners can manage their own guest users, even if the guest users haven’t been added to the directory yet. When an app is configured for self-service, the application owner uses their Access Panel to invite a guest user to an app or add a guest user to a group that has access to the app. Self-service app management requires some initial setup by an admin. The following is a summary of the setup steps (for more detailed instructions, see [Prerequisites](#prerequisites) later on this page): |
22 | 22 |
|
23 | | -After a guest user is added to the directory, the information worker can either send the guest user a direct link to a shared app, or the guest user can click the redemption URL in the invitation email. For more information about the redemption process, see [B2B collaboration invitation redemption](redemption-experience.md). |
| 23 | + - Enable self-service group management for your tenant |
| 24 | + - Create a group to assign to the app and make the user an owner |
| 25 | + - Configure the app for self-service and assign the group to the app |
24 | 26 |
|
25 | | -## Information workers adding B2B collaboration users to an application |
26 | | -Assign B2B collaboration users to an app as an information worker in a partner organization, as shown in the following video: |
| 27 | +## Invite a guest user to an app from the Access Panel |
27 | 28 |
|
28 | | ->[!VIDEO https://channel9.msdn.com/Blogs/Azure/information-worker-assign-to-apps/Player] |
| 29 | +After an app is configured for self-service, application owners can use their own Access Panel to invite a guest user to the app they want to share. The guest user doesn't necessarily need to be added to Azure AD in advance. |
29 | 30 |
|
30 | | -## Information workers adding B2B collaboration users to a group |
| 31 | +1. Open your Access Panel by going to `https://myapps.microsoft.com`. |
| 32 | +2. Point to the app, select the ellipses (**...**), and then select **Manage app**. |
| 33 | + |
| 34 | +  |
| 35 | + |
| 36 | +3. At the top of the users list, select **+**. |
| 37 | + |
| 38 | +  |
| 39 | + |
| 40 | +4. In the **Add members** search box, type the email address for the guest user. Optionally, include a welcome message. |
| 41 | + |
| 42 | +  |
| 43 | + |
| 44 | +5. Select **Add** to send an invitation to the guest user. After you send the invitation, the user account is automatically added to the directory as a guest. |
| 45 | + |
| 46 | +## Invite someone to join a group that has access to the app |
| 47 | +After an app is configured for self-service, application owners can invite guest users to the groups they manage that have access to the apps they want to share. The guest users don't have to already exist in the directory. The application owner follows these steps to invite a guest user to the group so that they can access the app. |
| 48 | + |
| 49 | +1. Make sure you're an owner of the self-service group that has access to the app you want to share. |
| 50 | +2. Open your Access Panel by going to `https://myapps.microsoft.com`. |
| 51 | +3. Select the **Groups** app. |
| 52 | + |
| 53 | +  |
| 54 | + |
| 55 | +4. Under **Groups I own**, select the group that has access to the app you want to share. |
| 56 | + |
| 57 | +  |
| 58 | + |
| 59 | +5. At the top of the group members list, select **+**. |
| 60 | + |
| 61 | +  |
| 62 | + |
| 63 | +6. In the **Add members** search box, type the email address for the guest user. Optionally, include a welcome message. |
| 64 | + |
| 65 | +  |
| 66 | + |
| 67 | +7. Select **Add** to automatically send the invitation to the guest user. After you send the invitation, the user account is automatically added to the directory as a guest. |
| 68 | + |
| 69 | + |
| 70 | +## Prerequisites |
| 71 | + |
| 72 | +Self-service app management requires some initial setup by a Global Administrator and an Azure AD administrator. As part of this setup, you'll configure the app for self-service and assign a group to the app that the application owner can manage. You can also configure the group to allow anyone to request membership but require a group owner's approval. (Learn more about [self-service group management](https://docs.microsoft.com/azure/active-directory/users-groups-roles/groups-self-service-management).) |
31 | 73 |
|
32 | | -Information workers can similarly add B2B collaboration users to an assigned group that is enabled for self-service group management. |
33 | 74 | > [!NOTE] |
34 | | -> You cannot add B2B collaboration users to a dynamic group or to a group that is synced with on-premises Active Directory. |
| 75 | +> You cannot add guest users to a dynamic group or to a group that is synced with on-premises Active Directory. |
| 76 | +
|
| 77 | +### Enable self-service group management for your tenant |
| 78 | +1. Sign in to the [Azure portal](https://portal.azure.com) as a Global Administrator. |
| 79 | +2. In the navigation panel, select **Azure Active Directory**. |
| 80 | +3. Select **Groups**. |
| 81 | +4. Under **Settings**, select **General**. |
| 82 | +5. Under **Self Service Group Management**, next to **Owners can manage group membership requests in the Access Panel**, select **Yes**. |
| 83 | +6. Select **Save**. |
| 84 | + |
| 85 | +### Create a group to assign to the app and make the user an owner |
| 86 | +1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator or Global Administrator. |
| 87 | +2. In the navigation panel, select **Azure Active Directory**. |
| 88 | +3. Select **Groups**. |
| 89 | +4. Select **New group**. |
| 90 | +5. Under **Group type**, select **Security**. |
| 91 | +6. Type a **Group name** and **Group description**. |
| 92 | +7. Under **Membership type**, select **Assigned**. |
| 93 | +8. Select **Create**, and close the **Group** page. |
| 94 | +9. On the **Groups - All groups** page, open the group. |
| 95 | +10. Under **Manage**, select **Owners** > **Add owners**. Search for the user who should manage access to the application. Select the user, and then click **Select**. |
35 | 96 |
|
| 97 | +### Configure the app for self-service and assign the group to the app |
| 98 | +1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator or Global Administrator. |
| 99 | +2. In the navigation pane, select **Azure Active Directory**. |
| 100 | +3. Under **Manage**, select **Enterprise applications** > **All applications**. |
| 101 | +4. In the application list, find and open the app. |
| 102 | +5. Under **Manage**, select **Single sign-on**, and configure the application for single sign-on. (For details, see [how to manage single sign-on for enterprise apps](https://docs.microsoft.com/azure/active-directory/manage-apps/configure-single-sign-on-portal).) |
| 103 | +6. Under **Manage**, select **Self-service**, and set up self-service app access. (For details, see [how to use self-service app access](https://docs.microsoft.com/azure/active-directory/application-access-panel-self-service-applications-how-to).) |
| 104 | + > [!NOTE] |
| 105 | + > For the setting **To which group should assigned users be added?** select the group you created in the previous section. |
| 106 | +7. Under **Manage**, select **Users and groups**, and verify that the self-service group you created appears in the list. |
| 107 | +8. To add the app to the group owner's Access Panel, select **Add user** > **Users and groups**. Search for the group owner and select the user, click **Select**, and then click **Assign** to add the user to the app. |
36 | 108 |
|
37 | 109 | ## Next steps |
38 | 110 |
|
|
0 commit comments