Need help creating accounts for guest users on Azure

Ava Dobreva 46 Reputation points
2021-11-12T01:37:31.083+00:00

Hello,

I need to add a bunch of users to our corporate account on Azure. They are not our company employees, so their emails don't end with our corporate domain. What we want is to give them access to create resources such as Text Analytics and Computer Vision.

I have created an AAD app where I invite them to join. Then, I created a resource group and created role assignments for a group of members through Access control (IAM).

However, when a user accepts the invitation to join, they are redirected here: myapplications.microsoft.com

Instead, I want users to be redirected to Azure directly. Is that possible?

Also, when a user goes to portal.azure.com, they are able to sign in to our workspace but to use any resource, they have to create a profile. Is there no way around that - can I, as an admin, create profiles for them to skip all these steps they have to take?

Thank you.

Azure Active Directory

3 answers

  1. Vasil Michev 62,156 Reputation points Microsoft MVP
    2021-11-12T09:02:30.013+00:00

    You can "craft" your own invitation links and add the corresponding redirect uri, as detailed here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/customize-invitation-api
    How are they signing/accessing the workspace? Generally speaking, they should be using the invitation link or properly crafted "smart link".


  2. AmanpreetSingh-MSFT 55,226 Reputation points
    2021-11-12T09:24:20.947+00:00

    Hi @Ava Dobreva • Thank you for reaching out.

    When you invite guest users via Azure Portal, the invitation redemption URL by default is configured to redirect the users to the My Apps portal and canNOT be changed/configured.

    However, to add guest users in your tenant, you can use a Graph call, which allows you to specify the inviteRedirectUrl where users should be redirected after they redeem the invite.

    To test it out, please follow the below steps:

    • Sign in to Graph Explorer as Global Admin or use an account that has permissions to invite users.
    • Use the below Graph call:

    Call :

    POST https://graph.microsoft.com/beta/invitations  
    

    Body:

    {  
      "invitedUserEmailAddress": "test_user@example.com",  
      "inviteRedirectUrl": "https://portal.azure.com"  
    }  
    

    • From the response, copy the value of inviteRedeemUrl and sign in as test_user@ssss .com.

    • After successfully redeeming the invite, notice that the user gets redirected to Azure Portal and not My Apps portal.

    Note :
    Under modify permissions section, you need to consent for the below permissions:
    User.Invite.All, User.ReadWrite.All, Directory.ReadWrite.All

    I am not sure about the workspace profile setup, but AFAIK, if any app/resource cannot automatically fetch the user profile information from Azure AD, it has to be done by the end-users only.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
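The Graph call from the answer above, scripted for a list of guests. This is an added example, not part of the original answer: it builds the same request body for each address in a CSV and refuses any `inviteRedirectUrl` that is not HTTPS on an allow-listed host. The allow-list, the `email` CSV column, the function names and the sample addresses are assumptions made for illustration.

```python
import csv, io, json, urllib.request
from urllib.parse import urlsplit

GRAPH_INVITATIONS = "https://graph.microsoft.com/beta/invitations"  # endpoint used in the answer
ALLOWED_REDIRECT_HOSTS = {"portal.azure.com"}  # assumption: hosts guests may be sent to

def build_invitation(email, redirect_url):
    """Return the request body, rejecting redirects outside the allow-list."""
    parts = urlsplit(redirect_url)
    # Compare the parsed hostname exactly; substring checks would accept
    # look-alike hosts such as portal.azure.com.attacker.example.
    if parts.scheme != "https" or parts.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError(f"redirect not allowed: {redirect_url!r}")
    email = email.strip()
    local, sep, domain = email.partition("@")
    if not (local and sep and "." in domain) or any(c.isspace() for c in email):
        raise ValueError(f"bad email address: {email!r}")
    return {"invitedUserEmailAddress": email, "inviteRedirectUrl": redirect_url}

def plan_invitations(csv_text, redirect_url):
    """Parse a CSV with an 'email' column into (request bodies, rejected rows)."""
    bodies, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        addr = (row.get("email") or "").strip()
        if addr.lower() in seen:  # skip duplicate addresses, case-insensitively
            continue
        seen.add(addr.lower())
        try:
            bodies.append(build_invitation(addr, redirect_url))
        except ValueError as exc:
            rejected.append((addr, str(exc)))
    return bodies, rejected

def send_invitation(body, access_token):
    """POST one invitation and return inviteRedeemUrl from the response."""
    req = urllib.request.Request(
        GRAPH_INVITATIONS, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["inviteRedeemUrl"]

# Constructed sample input: one valid guest, one duplicate, one malformed row.
SAMPLE_CSV = "email\nguest1@example.com\nGuest1@example.com\nnot-an-address\n"

if __name__ == "__main__":
    bodies, rejected = plan_invitations(SAMPLE_CSV, "https://portal.azure.com")
    print(json.dumps(bodies, indent=2))
    print("rejected:", rejected)
```

Microsoft Graph documents User.Invite.All as the least-privileged permission for creating invitations, so the token passed to `send_invitation` does not need the broader directory write scopes.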


  3. Ava Dobreva 46 Reputation points
    2021-11-15T00:42:54.053+00:00

    Thank you very much for the answers, and especially @AmanpreetSingh-MSFT for the detailed answer.

    However, for anyone who finds this question and can't set up the Graph integration by themselves, there is a very easy way to personalize the invitation and the redirect URL: the bulk invite option.
    Download the CSV file and just edit everything in there, and then upload. Works seamlessly.
