What is guest user access in Azure Active Directory B2B?

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration lets you securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources. Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications like self-service sign-up portals.

Watch the video to learn how you can securely collaborate with guest users by inviting them to sign in to your company's apps and services using their own identities.

Collaborate with any partner using their identities

With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization.

  • The partner uses their own identities and credentials.
  • You don't need to manage external accounts or passwords.
  • You don't need to sync accounts or manage account lifecycles.

Screenshot showing the Add members page

Invite guest users with a simple invitation and redemption process

Guest users sign in to your apps and services with their own work or school identities. If the guest user doesn’t have an Azure AD account, one is created for them when they redeem their invitation.

  • Invite guest users using the email identity of their choice.
  • Send a direct link to an app, or send an invitation to the guest user's own Access Panel.
  • Guest users follow a few simple redemption steps to sign in.

Use policies to securely share your apps and services

You can use authorization policies to protect your corporate content. Conditional Access policies, such as multi-factor authentication, can be enforced:

  • At the tenant level.
  • At the application level.
  • For specific guest users to protect corporate apps and data.

Screenshot showing the Conditional Access option

Easily add guest users in the Azure AD portal

As an administrator, you can easily add guest users to your organization in the Azure portal.

  • Create a new guest user in Azure AD, similar to how you'd add a new user.
  • The guest user immediately receives a customizable invitation that lets them sign in to their Access Panel.
  • Guest users in the directory can be assigned to apps or groups.

Screenshot showing the New Guest User invitation entry page

Customize the onboarding experience for B2B guest users

Bring your external partners on board in ways customized to your organization’s needs.

Next steps