Demonstration/prototype of B2B self-service #, # approvals, and profile editing.

NielsGregers/active-directory-dotnet-graphapi-b2bportal-web

Azure Active Directory/ASP.Net MVC/GraphAPI B2BPortal

Sample/Prototype project enabling self-service B2B capabilities for an Azure AD Tenant

Quick Start

Detailed step-by-step deployment instructions

Details

  • Allows self-service provisioning of guest accounts in a tenant. Portal enables this via API calls to the Microsoft Graph
  • Leverages Azure DocumentDB. For development, a downloadable emulator is available: https://aka.ms/documentdb-emulator
  • ARM template deploys the following:
    • Azure Web App
    • Azure DocumentDB
  • Requires the following:
    • Azure AD application with the following:
      • Microsoft Graph - app permissions
        • Read and write directory data
        • Read and write all users' full profiles
      • Microsoft Graph - delegated permissions
        • # and read user profile
        • Read and write access to user profile
        • Read directory data
        • Read and write directory data
    • Optional - custom DNS name and SSL cert

Operation

  • Guest users access the home page and may enter their login email to request access to the host tenant/company. Optionally, they may click "Pre-Auth", which lets them log in to their own home tenant, authenticate, and then return with the form pre-filled AND with the request authenticated and validated.
  • Once the request is submitted, the request will be queued in a DocumentDB repo.
  • A user in the home company with the "Guest Submitter" role granted can then access the portal, log in, and browse the pending requests, either approving, denying, or leaving in a pending state for others to review. Additionally, internal comments can be attached to the request records.
  • Optionally, an admin may log in and add a "Pre-Auth" domain record. This will allow all Pre-Authed users with a matching domain suffix to be automatically approved for B2B guest access in the tenant.
  • Whether a user is approved automatically or manually, once an approval occurs, a welcome email is generated for the requester with a link that allows for redemption of the request.
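
The Pre-Auth auto-approval decision described above, sketched as an added example (not code from this repository). The type and method names are hypothetical, the sample domains are constructed, and treating subdomains of a Pre-Auth record as a match is an assumption about what "matching domain suffix" means.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; the project's own models and names may differ.
public enum Disposition { Pending, AutoApproved }

public static class PreAuthPolicy
{
    // True when emailDomain equals the record or is a subdomain of it (assumption).
    // Matching on a label boundary keeps "notcontoso.example" from matching "contoso.example".
    public static bool DomainMatches(string emailDomain, string preAuthDomain)
    {
        string d = emailDomain.Trim().TrimEnd('.').ToLowerInvariant();
        string s = preAuthDomain.Trim().TrimStart('@', '.').TrimEnd('.').ToLowerInvariant();
        if (d.Length == 0 || s.Length == 0) return false;
        return d == s || d.EndsWith("." + s, StringComparison.Ordinal);
    }

    // authenticatedEmail is the address asserted by the guest's home tenant during Pre-Auth,
    // or null when the guest only typed an address into the form (never auto-approved).
    public static Disposition Evaluate(string authenticatedEmail, IEnumerable<string> preAuthDomains)
    {
        if (string.IsNullOrWhiteSpace(authenticatedEmail)) return Disposition.Pending;
        int at = authenticatedEmail.LastIndexOf('@');
        if (at <= 0 || at == authenticatedEmail.Length - 1) return Disposition.Pending;
        string domain = authenticatedEmail.Substring(at + 1);
        return preAuthDomains.Any(p => DomainMatches(domain, p))
            ? Disposition.AutoApproved
            : Disposition.Pending;   // falls back to the manual review queue
    }
}

public static class Demo
{
    public static void Main()
    {
        var records = new[] { "contoso.example" };   // constructed Pre-Auth domain record
        string[] samples = { "ana@contoso.example", "bo@eu.contoso.example",
                             "eve@notcontoso.example", "x@contoso.example.other.example" };
        foreach (var s in samples)
            Console.WriteLine($"{s} -> {PreAuthPolicy.Evaluate(s, records)}");
        Console.WriteLine($"(form only) -> {PreAuthPolicy.Evaluate(null, records)}");
    }
}
```

Anything that does not auto-approve stays pending for a reviewer, so a missed match costs a manual approval rather than granting guest access.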

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
