Dynamics 365 Portal Authentication with Azure AD B2B Guest User.

Azure AD B2B has been a boon for organizations that work with partners across various applications, because it lets them collaborate without losing control of corporate data. The ability to add guest users and assign applications to them opens up single sign-on to enterprise applications. For details on Azure AD B2B, see https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b

Now suppose you have users from a partner organization who need access to your portal. You do not want to set them up as Member users in your Active Directory. Instead, you want to set them up as guest users and assign them to the portal. How do you do that? Follow the steps below.

Step 1: Set-up your guest user

Log in to the Azure portal: https://portal.azure.com

Go to your Azure Active Directory, then Users, and click “New Guest User”.


Enter the user's email address. Here I entered my personal email, debajit.dutta@xrmforyou.com, which is on a different domain from my Azure domain xrmforyou73.onmicrosoft.com. In a real-life scenario this will be an email address from your partner organization.


Once you send the invite, the partner receives an invitation email. When the partner clicks “Get Started”, they are asked for credentials and consent. After authenticating, they see their Access Panel, which lists the applications assigned to them. At this point the user has no applications assigned.


Step 2: Assigning the guest user to the Dynamics 365 Portals application in AD

While this step is not required for authenticating with the portal, it gives the partner a better experience: they can authenticate seamlessly with the portal from their Access Panel.

Again in the Azure portal, navigate to Azure Active Directory –> App Registrations.

Your portal instance is created as an app in Azure Active Directory.


Click the application, and then on the next page click the Microsoft CRM Portals app again.


On the Overview page, click where the total number of users is shown, and then add the guest user.


And you are done. Now when the partner opens their Access Panel, they can see Microsoft CRM Portals on the screen. (The partner may need to sign in again to see newly assigned apps.)


However, if I now click Open, it throws an error. This is because the sign-in page of the Portal app has not been set.

Step 3: Set the sign-on URL of the Portal app

Open the Microsoft CRM Portals app in your Azure Active Directory, click Settings, and then click Properties.


In the Home Page URL field, enter the URL of the portal.

Here: https://xrmforyou73.microsoftcrmportals.com


Save it and you are done.

Now when the partner logs in and tries to open the portal, they first need to sign in using the Azure AD button on the portal. From then on, authentication from the Access Panel is seamless.
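The three steps above can also be scripted and then reviewed. The following is an added example, not part of the original post, written against the Microsoft Graph PowerShell SDK. It assumes the portal app's display name is "Microsoft CRM Portals", that the app defines no app roles of its own (so the default access role applies), and that the app registration exists in your tenant as the article shows.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph module.
$guestEmail = 'debajit.dutta@xrmforyou.com'                  # address used in the article
$portalUrl  = 'https://xrmforyou73.microsoftcrmportals.com'  # portal URL used in the article
$appName    = 'Microsoft CRM Portals'                        # assumed display name of the portal app

Connect-MgGraph -Scopes 'User.Invite.All','User.Read.All',
    'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All'

# Step 1: invite the partner and confirm the account was created as a Guest, not a Member.
$invite = New-MgInvitation -InvitedUserEmailAddress $guestEmail `
    -InviteRedirectUrl $portalUrl -SendInvitationMessage
$guest = Get-MgUser -UserId $invite.InvitedUser.Id -Property Id,UserType
if ($guest.UserType -ne 'Guest') { throw "Expected a Guest account, got '$($guest.UserType)'." }

# Step 2: assign the guest to the portal application (idempotent).
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$appName'")
if ($sp.Count -ne 1) { throw "Expected one service principal named '$appName', found $($sp.Count)." }
$sp = $sp[0]
# The all-zero GUID is the default access role; assumption: the app defines no app roles.
$defaultRole = '00000000-0000-0000-0000-000000000000'
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
if ($assigned.PrincipalId -notcontains $guest.Id) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $guest.Id -ResourceId $sp.Id -AppRoleId $defaultRole | Out-Null
}

# Step 3: set the home page URL so "Open" in the Access Panel lands on the portal.
$app = Get-MgApplication -Filter "appId eq '$($sp.AppId)'"
if (-not $app) { throw "No app registration for '$appName' found in this tenant." }
Update-MgApplication -ApplicationId $app.Id -Web @{ HomePageUrl = $portalUrl }

# Review: list every principal currently assigned to the portal app.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime
```

Re-running the final listing periodically shows which partner accounts still hold access to the portal app, so assignments that are no longer needed can be removed.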

Hope this helps!

Debajit Dutta

(Dynamics MVP)
