Use Azure External Identity User Flow to onboard external users as guests and add them to Azure AD Security groups in one sign up process

Question

Use Azure External Identity User Flow to onboard external users as guests and add them to Azure AD Security groups in one sign up process

asneel singh 0

Hi there , we want to user External Identity User Flow for allowing collaborators outside or Azure tenant to be able to self sign up. We're planning to use the External Identity User Flow and would like users to to sign up and post sign up added to groups in Azure AD. Group membership is used for providing access to enterprise apps and app registered in our Azure tenant. How can I do this or is this possible with Azure External Identity User Flow ?

As I understand it we have to build a sign in page ourselves because External Identity does not provide one ?

Thanks

Gudivada Adi Navya Sri 21,075 Reputation points Moderator

2024-09-26T01:54:42.7433333+00:00

Hi @asneel singh

Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.

1 answer

Your answer

Gudivada Adi Navya Sri 21,075 Reputation points Moderator

2024-09-26T01:54:42.7433333+00:00

Hi @asneel singh

Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.

Answer 1

Gudivada Adi Navya Sri 21,075 Moderator

Hi @asneel singh

Thank you for posting this in Microsoft Q&A.I understand your ask whether if it is possible to use the External Identity User Flow to allow external users to self-sign up and be added to groups in Azure AD, and if so, how to achieve this.

Unfortunately, it is not possible to fulfill your requirement using the External Identity User Flow. User flow can be used to create sign-up and sign-in pages for your customers, but it does not have the ability to add users to groups.

For your reference: Add a sign-up-sign-in-customers in External tenants

You can find which groups and application roles are supported through Microsoft Graph and the admin center in the following document.

https://learn.microsoft.com/en-us/entra/external-id/customers/reference-group-app-roles-support

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

asneel singh 0 Reputation points

2024-09-17T08:03:01.13+00:00

Hi there, thanks for your response . Can you please clarify the Microsoft Graph documentation which you mentioned is in relation to External tenants ,i.e., does external tenants give us the ability do what we require ?

Thanks
Gudivada Adi Navya Sri 21,075 Reputation points Moderator

2024-09-23T14:12:47.0233333+00:00

Hi asneel singh

Thank you for following up on this!

Unfortunately, external tenants are unable to fulfill your requirements. While it is possible to automatically add users through sign-up processes, once users are added to your tenant, you must manually assign them to groups. There is currently no option to automatically add users after the sign-up process.
Gudivada Adi Navya Sri 21,075 Reputation points Moderator

2024-09-24T11:54:48.91+00:00

Hi asneel singh

Is there anything else I can help you with regarding this issue? If you still need further help, please feel free to let me know. If your question has been solved, then you can click "Accept Answer", which may help members with similar questions find the answer easily.

Share via

Use Azure External Identity User Flow to onboard external users as guests and add them to Azure AD Security groups in one sign up process

1 answer

Your answer