Azure AD B2B collaboration

Azure AD business-to-business (B2B) collaboration enables organizations using the Azure AD to work securely with users from any organization. Invitations can be sent to external users, whether the user's organization uses Azure AD or not, and once accepted the guest user can leverage their own credentials to access resources, such as dashboards and reports contained in a Power BI app. Just like users within the organization, guest users can be added to security groups and these groups can be referenced in the Power BI service. 

Prior to the existence of Azure AD B2B, it was necessary to create identities within Azure AD for external guest users, or even develop an application with custom authentication.

A guest user can be added to Azure AD by sending an invitation from Azure AD and by sharing content with the external user from the Power BI service. The first method, referred to as the planned invite method, involves adding a guest user from within Azure AD and sending an invitation to the user's email address. In the following screenshot from the Azure portal, Azure Active Directory has been selected and the All users page has been accessed from the Manage users and groups tab:

Add guest user in Azure AD

As shown in the preceding screenshot, the administrator can click New guest user to add the user, and enter an invitation message, such as in the following screenshot:

Invite a guest user to Azure AD

The guest or external user will be sent an invitation via email containing the personal message, as well as a Get Started button. The user will need to click Get Started and accept the invitation. Once accepted, the guest user can be managed and added to security groups for use in Power BI. In the following screenshot from the All users tab in Azure AD, the guest user (Brett.Powell@....) has accepted the guest user invite:

Guest User in Azure AD

Guest users are identified in Azure AD with a globe icon and with a Guest value in the USER TYPE property, as shown in the preceding screenshot. 

As an alternative to the planned invite method via Azure AD described before, an invite to an external user can also be generated from the Power BI service directly. In this method, commonly referred to as ad hoc invites, a guest user's email address is specified when publishing or updating a Power BI app (via the Access page) or when sharing a Power BI dashboard or report. The external user would then receive an email invite to the specific content. Upon accepting this invite, the external user would be added as a guest user in Azure AD. Details on distributing content to users via apps and other methods are included in Chapter 11Creating Power BI Apps and Content Distribution.

Organizations have the option to completely block sharing with external users via the Share content with external users setting in the Power BI admin portal. As shown in the following screenshot, this setting can be enabled or disabled for an entire organization, or limited to certain security groups:

Share content with external users setting in Power BI admin portal

In addition to the Power BI admin portal, additional management options over external guest users are available in Azure AD. These settings, including whether members in the organization (non-admins) can invite guest users, are available on the manage user settings page of Azure AD.

External B2B users are limited to consuming content that has been shared or distributed to them. For example, they can view apps, export data (if allowed by the organization) and create email subscriptions, but they cannot access app workspaces or create and publish their own content. Additionally, external users cannot currently access shared content via the Power BI mobile apps.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.141.197.251