Demonstration/prototype of B2B self-service signup, signup approvals, and profile editing.
Перейти к файлу
dependabot[bot] 96b83c092e
Bump Newtonsoft.Json from 10.0.3 to 13.0.2 in /B2BPortal.Interfaces
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 10.0.3 to 13.0.2.
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](https://github.com/JamesNK/Newtonsoft.Json/compare/10.0.3...13.0.2)

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-07 19:39:26 +00:00
AzureB2BInvite Batch history status, bug fixes. 2018-05-10 14:51:04 -05:00
B2BPortal Batch history status, bug fixes. 2018-05-10 14:51:04 -05:00
B2BPortal.Common Adding batch processing; token caching via Cosmos DB; bug fixes; submission history viewer; tenant branding 2018-05-10 00:02:12 -05:00
B2BPortal.Data Adding batch processing; token caching via Cosmos DB; bug fixes; submission history viewer; tenant branding 2018-05-10 00:02:12 -05:00
B2BPortal.Interfaces Bump Newtonsoft.Json from 10.0.3 to 13.0.2 in /B2BPortal.Interfaces 2022-12-07 19:39:26 +00:00
B2BPortalDeploy Refactor to multiple projects, add settings, profile editing, additional email options, email template management. 2017-03-27 15:13:31 -07:00
BatchInviteProcessor Adding batch processing; token caching via Cosmos DB; bug fixes; submission history viewer; tenant branding 2018-05-10 00:02:12 -05:00
DocImages Adding batch processing; token caching via Cosmos DB; bug fixes; submission history viewer; tenant branding 2018-05-10 00:02:12 -05:00
.gitignore Adding batch processing; token caching via Cosmos DB; bug fixes; submission history viewer; tenant branding 2018-05-10 00:02:12 -05:00
B2BPortal.sln Adding batch processing; token caching via Cosmos DB; bug fixes; submission history viewer; tenant branding 2018-05-10 00:02:12 -05:00
CodeMap1.dgml Refactor to multiple projects, add settings, profile editing, additional email options, email template management. 2017-03-27 15:13:31 -07:00
CustomDeploy.ps1 Update PS code to gen AAD app secret. 2017-03-29 18:54:33 -07:00
Deploy-AzureResourceGroup.ps1 Refactor to multiple projects, add settings, profile editing, additional email options, email template management. 2017-03-27 15:13:31 -07:00
LICENSE Initial commit 2017-03-14 12:30:11 -07:00
README.md Update repo with notes on Azure AD Entitlement Management. 2020-01-06 20:16:28 -06:00
SECURITY.md Microsoft mandatory file 2022-09-13 15:18:23 +00:00
Setup.md Adding batch processing; token caching via Cosmos DB; bug fixes; submission history viewer; tenant branding 2018-05-10 00:02:12 -05:00
azuredeploy.json Fix queue name to lower case. 2020-02-12 10:59:16 -06:00
azuredeploy.parameters.json Updated readme, added setup instructions, updated ARM template for preauth app secret 2017-04-02 22:58:33 -07:00

README.md

Azure Active Directory/ASP.Net MVC/GraphAPI B2BPortal

Sample/Prototype project enabling self-service B2B capabilities for an Azure AD Tenant

This code is a sample to demonstrate the Azure Active Directory B2B Invitation API. It was last updated in 2017.

If you wish to enable users from other organizations to request access, and upon approval be provisioned with guest accounts and assigned to groups, apps and SharePoint Online sites, then instead use Azure AD entitlement management to configure policies that manage access for external users.

Quick Start

Detailed step-by-step deployment instructions

Update (Notes here will be reflective of any changes made in the most recent update.)

An additional permission is required to facilitate batch processing with automatic directory addition.

  • DELEGATED PERMISSIONS
    • Access the directory as the signed-in user

This permission will allow a guest user, that has been added to the "Guest Inviter" role, to invite additional guests from their home directory. Those guests are automatically added as new guests without needing to go through an invitation redemption process. They will have immediate, automatic access. The list of groups that can be assigned to these guests are limited to groups where the inviting guest is already a member.

After adding this permission, because user's previous consents will be invalidated, you will need to click "Grant Permissions" to update the consents for users in the tenant.

alt text

Details

  • Allows self-service provisioning of guest accounts in a tenant. Portal enables this via API calls to the Microsoft Graph
  • Leverages Azure CosmosDB. For development, a downloadable emulator is available: https://aka.ms/documentdb-emulator
  • ARM template deploys the following:
    • Azure Web App
    • Azure CosmosDB
  • Requires the following (see step-by-step deployment instructions above for details):
    1. Azure AD application with the following:
    • Microsoft Graph - app permissions
      • Read and write directory data
      • Read and write all users' full profiles
    • Microsoft Graph - delegated permissions
      • Sign in and read user profile
    1. Azure AD application with the following:
    • Microsoft Graph - delegated permissions
      • Sign in and read user profile
      • Multi-Tenant enabled
    • Optional - custom DNS name and SSL cert

Operation

  • Guests access the home page and may enter their login email to request access to the host tenant/company. Optionally, they may click to "Require Sign-In" - this will allow them to login to the guest's home tenant, authenticate, then return with the form pre-filled AND with the request authenticated and validated.
  • Once the request is submitted, the request will be queued in a CosmosDB repo.
  • A user in the home company with the "Guest Inviter" role granted can then access the portal, log in, and browse the pending requests, either approving, denying, or leaving in a pending state for others to review. Additionally, internal comments can be attached to the request records.
  • Optionally, authorized users may login and add a "Partner Organization" profile record. This will allow potential guests with a matching domain suffix, to be optionally auto-approved for B2B guest access in the tenant.
  • Whether a user is automatically approved, or manually approved, once an approval occurs, a welcome email is generated to the requester with a link that allows for redemption of the request.

As-Is Code

This code is made available as a sample to demonstrate usage of the Azure Active Directory B2B Invitation API. It should be customized by your dev team or a partner, and should be reviewed before being deployed in a production scenario.

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.