Authentication with Microsoft Entra ID for External users

Each person who accesses your application needs permission.

  1. You can invite an external user in Microsoft Entra ID:
    https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers
    


  2. You can set up a Dynamic Group in MS Entra ID to provide access to these users:
    https://portal.azure.com/#view/Microsoft_AAD_IAM/GroupsManagementMenuBlade/~/AllGroups
    


One way to add external users to the group automatically is to use a dynamic membership rule, such as this:

(user.userPrincipalName -contains "#EXT#")


  3. Give the group access to your application
  4. Find your application name in the App registrations page
    https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps

    Look in All Applications, using your ClientID

Then go to Enterprise Applications:

https://portal.azure.com/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null

First, remove the ‘Enterprise Applications’ filter, and add the group:


Click ‘None Selected’ to begin


  5. Provide cross-domain collaboration rights to the user’s domain
    https://portal.azure.com/#view/Microsoft_AAD_IAM/CompanyRelationshipsMenuBlade/~/Settings
    

Add the domain name, or select one of the other radio buttons
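
The group and application steps above can also be scripted. The following is an added example using the Microsoft Graph PowerShell module, not part of the original page; the ClientID placeholder, group name and mail nickname are assumptions. It previews which accounts the "#EXT#" rule matches, creates the dynamic group, assigns it to the application, and checks that the application actually enforces assignment.

```powershell
# Added example (not from the original page). Requires the Microsoft.Graph module.
$ClientId  = '<your-application-client-id>'     # placeholder: your app's ClientID
$GroupName = 'External Users - App Access'      # hypothetical group name
$Rule      = '(user.userPrincipalName -contains "#EXT#")'   # rule from this page

Connect-MgGraph -Scopes 'User.Read.All', 'Group.ReadWrite.All',
    'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

# Preview which accounts the rule will pull in, grouped by userType.
# Anything other than Guest here deserves a look before the group grants access.
Get-MgUser -All -Property Id, UserPrincipalName, UserType |
    Where-Object { $_.UserPrincipalName -like '*#EXT#*' } |
    Group-Object UserType | Select-Object Name, Count | Format-Table

# Step 2: create the dynamic security group.
$group = New-MgGroup -DisplayName $GroupName -SecurityEnabled `
    -MailEnabled:$false -MailNickname 'external-app-access' `
    -GroupTypes 'DynamicMembership' -MembershipRule $Rule `
    -MembershipRuleProcessingState 'On'

# Steps 3-4: locate the enterprise application (service principal) by ClientID.
$sp = Get-MgServicePrincipal -Filter "appId eq '$ClientId'"
if (-not $sp) { throw "No enterprise application found for ClientID $ClientId" }

# Apps that define user-assignable roles need an explicit choice; otherwise
# the all-zero GUID is the default access role.
$userRoles = $sp.AppRoles |
    Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' }
if ($userRoles) {
    $userRoles | Select-Object Id, DisplayName, Value | Format-Table
    throw 'This app defines roles: choose one of the Ids above as $AppRoleId.'
}
$AppRoleId = [Guid]::Empty.ToString()

New-MgGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id `
    -ResourceId $sp.Id -AppRoleId $AppRoleId | Out-Null

# The assignment only restricts sign-in when the app requires assignment.
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning "'$($sp.DisplayName)' does not require assignment; users outside the group can still sign in."
}
```

Dynamic membership is evaluated asynchronously, so the new group may show no members for a while after creation.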



Copyright © 2023-2024 World of Workflows.