Add Azure Active Directory (Azure AD) as an identity provider for External Identities
Azure Active Directory is available as an identity provider option for B2B collaboration by default. If an external guest user has an Azure AD account through work or school, they can redeem your B2B collaboration invitations or complete your sign-up user flows using their Azure AD account.
Guest sign-in using Azure Active Directory accounts
Azure Active Directory is available in the list of External Identities identity providers by default. No further configuration is needed to allow guest users to sign in with their Azure AD account using either the invitation flow or a self-service sign-up user flow.
Azure AD account in the invitation flow
When you invite a guest user to B2B collaboration, you can specify their Azure AD account as the Email address they'll use to sign in.
Azure AD account in self-service sign-up user flows
Azure AD account is an identity provider option for your self-service sign-up user flows. Users can sign up for your applications using their own Azure AD accounts. First, you'll need to enable self-service sign-up for your tenant. Then you can set up a user flow for the application and select Azure Active Directory as one of the sign-in options.
Verifying the application's publisher domain
As of November 2020, new application registrations show up as unverified in the user consent prompt unless the application's publisher domain is verified, and the company’s identity has been verified with the Microsoft Partner Network and associated with the application. (Learn more about this change.) For Azure AD user flows, the publisher’s domain appears only when using a Microsoft account or other Azure AD tenant as the identity provider. To meet these new requirements, follow these steps:
- Verify your company identity using your Microsoft Partner Network (MPN) account. This process verifies information about your company and your company’s primary contact.
- Complete the publisher verification process to associate your MPN account with your app registration using one of the following options:
  - If the app registration for the Microsoft account identity provider is in an Azure AD tenant, verify your app in the App Registration portal.
  - If your app registration for the Microsoft account identity provider is in an Azure AD B2C tenant, mark your app as publisher verified using Microsoft Graph APIs (for example, using Graph Explorer).
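The following script is an added example, not code from this article or from Microsoft; it shows the two Graph-based pieces of the procedure above from an administrator's side: auditing which app registrations still show as unverified (no `verifiedPublisher` with a `verifiedPublisherId`, even when a `publisherDomain` is set) and building the `setVerifiedPublisher` request used to mark an app as publisher verified. It assumes a bearer token with the appropriate Application permissions is supplied in a `GRAPH_TOKEN` environment variable, and the `SAMPLE_APPS` data is constructed so the audit logic runs offline when no token is present.

```python
"""Audit app registrations for publisher-verification status via Microsoft Graph.

Added example. Assumes: a Graph access token in the GRAPH_TOKEN environment
variable (Application.Read.All to list apps; Application.ReadWrite.All for
setVerifiedPublisher), and that the caller meets the MPN requirements the
article describes. The sample data below is constructed, not real tenant data.
"""
import json
import os
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"


def classify_apps(applications):
    """Split Graph `application` objects into verified and unverified appIds.

    Only a populated verifiedPublisher.verifiedPublisherId counts as verified;
    a publisherDomain alone does not remove the 'unverified' consent warning.
    Graph returns verifiedPublisher with null fields when it is not set.
    """
    verified, unverified = [], []
    for app in applications:
        publisher = app.get("verifiedPublisher") or {}
        if publisher.get("verifiedPublisherId"):
            verified.append(app["appId"])
        else:
            unverified.append(app["appId"])
    return verified, unverified


def set_verified_publisher_request(object_id, mpn_id):
    """Return (url, body) for the Graph call that marks an app as verified.

    object_id is the application's object id (not its appId); mpn_id is the
    Microsoft Partner Network id the app should be associated with.
    """
    url = f"{GRAPH}/applications/{object_id}/setVerifiedPublisher"
    body = json.dumps({"verifiedPublisherId": mpn_id}).encode()
    return url, body


def graph_request(token, url, body=None):
    """Minimal Graph call using only the standard library (GET, or POST when a body is given)."""
    req = urllib.request.Request(url, data=body, method="POST" if body else "GET")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}


# Constructed sample mirroring the shape Graph returns for /applications.
SAMPLE_APPS = [
    {"appId": "app-verified-0001", "displayName": "Payroll Portal",
     "publisherDomain": "contoso.example",
     "verifiedPublisher": {"displayName": "Contoso", "verifiedPublisherId": "1234567",
                           "addedDateTime": "2021-01-05T00:00:00Z"}},
    {"appId": "app-domain-only-0002", "displayName": "Expense Beta",
     "publisherDomain": "contoso.example",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None,
                           "addedDateTime": None}},
    {"appId": "app-unverified-0003", "displayName": "Legacy Tool",
     "publisherDomain": None},
]


def audit(token=None):
    """List apps (live when a token is given, else the constructed sample) and classify them."""
    if token:
        url = f"{GRAPH}/applications?$select=appId,displayName,publisherDomain,verifiedPublisher"
        apps = graph_request(token, url).get("value", [])
    else:
        apps = SAMPLE_APPS
    return classify_apps(apps)


if __name__ == "__main__":
    verified, unverified = audit(os.environ.get("GRAPH_TOKEN"))
    print("publisher verified:", verified)
    print("shows as unverified in consent prompt:", unverified)
    # To fix one of the unverified apps (object id and MPN id are placeholders):
    url, body = set_verified_publisher_request("<application-object-id>", "<mpn-id>")
    print("would POST", url, body.decode())
```

Run with `GRAPH_TOKEN` unset to see the classification over the sample data; with a token it lists your tenant's registrations instead. The `setVerifiedPublisher` request is only built and printed, so nothing in the tenant changes until you deliberately send it.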