title | description | ms.component | ms.topic | ms.date | author | ms.subservice | ms.author | ms.reviewer | ms.custom | search.audienceType | contributors | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Invite users with Microsoft Entra B2B collaboration | MicrosoftDocs |
Invite users with Microsoft Entra B2B collaboration |
pa-admin |
conceptual |
12/15/2022 |
sericks007 |
admin |
sericks |
sericks |
admin-security |
|
|
You can invite other users to access your environment. The [!INCLUDEpn_Office_365] Global admin can do this through the Azure portal. Invited users can access your environment using their own login credentials once a license and a security role are assigned to them. The use of the apps created using Power Apps, customer engagement apps (such as Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Field Service, Dynamics 365 Customer Insights - Journeys, and Dynamics 365 Project Operations), and finance and operations apps are granted. You don’t need to create a new user account and temporary password for these invited users in your own [!INCLUDEpn_Office_365] tenant.
-
To send business-to-business (B2B) user invitations, you must have an [!INCLUDEpn_azure_active_directory] Global admin role.
-
To bulk- invite users, get the latest [!INCLUDEpn_azure_active_directory][!INCLUDEpn_PowerShell_short] which can be downloaded from the PowerShell module's release page.
The following features are not supported for B2B invited users.
-
[!INCLUDEpn_unified_service_desk] client
Invited users will not be able to use the [!INCLUDEpn_unified_service_desk] client to log into the host tenant’s environment.
-
[!INCLUDEpn_crm_app_for_outlook_short]
Invited users will not be able to use their own tenant email addresses when performing email related transactions in the host environment.
-
[!INCLUDEpn_office_365_groups]
[!INCLUDEpn_office_365_groups] connects a group to customer engagement apps. Data (including new conversations and documents) are stored in the [!INCLUDEpn_Exchange] and/or [!INCLUDEpn_SharePoint_short] system. Since invited users belong to a different [!INCLUDEpn_Office_365] tenant, the invited users do not have permission to create [!INCLUDEpn_office_365_groups] in the invited-to [!INCLUDEpn_Office_365] tenant. However, they can participate in the [!INCLUDEpn_office_365_groups] conversations as a guest in their [!INCLUDEpn_Outlook_short] Inbox, but not within customer engagement apps.
-
Dynamics 365 Customer Voice
Invited users will not be able to use Dynamics 365 Customer Voice. You must create a new user in your tenant and then provide access to the new user.
You can add users to through [!INCLUDEpn_azure_active_directory] B2B user collaboration. Global admins and limited admins can use the [!INCLUDEpn_azure_shortest] portal to invite B2B collaboration users to the directory, to any security group, or to any application.
Admins can use one of the following methods to invite B2B users to their environment:
-
Invite users to your environment that has a security group.
-
See Control user access to environments: security groups and licenses on how to use security groups for your environments.
-
Invite users to your environment that does not have a security group.
-
Bulk-invite guest users using a .csv file.
- See PowerShell example.
Your invited user will receive an email invitation to get started with B2B user collaboration.
When your user accepts the invitation by clicking on the Get Started link on the invitation email, they will be prompted to accept the invitation.
Note
Until you add a license to the user account, the user will not have access to customer engagement apps. Follow the steps below to add a license through the [!INCLUDEpn_azure_shortest] portal.
To assign a license, the invited user’s Usage location must be specified. Admins can update the invited user’s profile on the [!INCLUDEpn_azure_shortest] portal.
-
Go to Microsoft Entra > Users and groups > All users. If you don't see the newly created user, refresh the page.
-
Click on the invited user, and then click Profile.
-
Update First name, Last name, and Usage location.
-
Click Save, and then close the Profile blade.
Assign your invited users a license and security role so the user can use customer engagement apps.
-
Go to Microsoft Entra > Users and groups > All users. If you don't see the newly created user, refresh the page.
-
Click on the invited user, and then click Licenses.
-
Click Configure required settings.
-
Select the product to license.
-
Click Select, and then click Assign.
Next, assign the invited users with appropriate security roles for the environment so they can access it. See Create users.
To complete the user invitation, notify your invited users and provide them with the URL for the environment they are invited to (for example, https://contoso.crm.dynamics.com).
Important
- This is a preview feature.
- [!INCLUDEcc_preview_features_definition]
B2B guest users can run Power Apps.
Follow these steps to allow B2B collaboration users to create Power Apps.
Note
Ensure that you perform below steps on the resource tenant, and not on the home tenant.
- A resource tenant is where the app is expected to exist, and where the user is expected to create the app using Power Apps as a guest.
- A home tenant is where the user's account resides and authenticates against.
-
In Microsoft Entra ID, in external collaboration settings set guest user access to "(most inclusive)". For more info about Microsoft Entra B2B check out: What is guest user access in Microsoft Entra B2B?
-
Use the following PowerShell cmdlet to enable guests to make Power Apps.
$requestBody = Get-TenantSettings $requestBody.powerPlatform.powerApps.enableGuestsToMake = $True Set-TenantSettings $requestBody
-
Assign the Environment Maker security role to the B2B guest users that you want to be able to create apps and Microsoft list custom forms using Power Apps.
[!TIP] In addition, you can also review all other guests of this security role (especially in the default environment), and remove users that aren't expected to have this privilege.
After the B2B guest users are given the required permissions to create and edit apps, they can now create Power Apps and Microsoft List custom forms using Power Apps.
- B2B guests can follow these steps to sign in the preferred Microsoft Entra tenant to build apps.
- To sign in to make.powerapps.com via Azure B2B, a user is required to sign in to an Microsoft Entra tenant. Microsoft Accounts (for example user@outlook.com, user@live.com, user@hotmail.com) cannot directly sign in to https://make.powerapps.com.
- If the Azure B2B maker is expected to build an app that uses Dataverse or build apps in a solution, they’ll need a license with Dataverse use rights assigned to them in the resource tenant.
- B2B makers are currently not supported across sovereign cloud boundaries. For example, a B2B guest from a commercial tenant can't make apps in a GCC tenant. The same is applicable for GCC to GCC High, commercial to China cloud, and so on.
Microsoft Entra B2B Collaboration is Generally Available!
Microsoft Entra B2B collaboration code and PowerShell samples
Microsoft Entra B2B collaboration frequently-asked questions (FAQ)
Microsoft Entra B2B Collaboration
Microsoft Entra B2B: New updates make cross-business collab easy
Microsoft Entra cross-tenant access overview
Restrict cross-tenant inbound and outbound access
Share a canvas app with guest users
[!INCLUDEfooter-include]