在 Azure 门户中添加 Azure Active Directory B2B 协作用户Add Azure Active Directory B2B collaboration users in the Azure portal

作为分配有任何有限管理员目录角色的用户,你可以使用 Azure 门户来邀请 B2B 协作用户。As a user who is assigned any of the limited administrator directory roles, you can use the Azure portal to invite B2B collaboration users. 可将来宾用户邀请到目录、组或应用程序。You can invite guest users to the directory, to a group, or to an application. 通过上述任一方法邀请用户后,受邀用户的帐户将添加到 Azure Active Directory (Azure AD),其用户类型为“来宾”。After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. 然后,来宾用户必须兑换其邀请才能访问资源。The guest user must then redeem their invitation to access resources. 用户邀请不会到期。An invitation of a user does not expire.

将来宾用户添加到目录后,你可以向来宾用户发送指向共享应用程序的直接链接,或者来宾用户可以单击邀请电子邮件中的兑换 URL。After you add a guest user to the directory, you can either send the guest user a direct link to a shared app, or the guest user can click the redemption URL in the invitation email. 有关兑换过程的详细信息,请参阅 B2B 协作邀请兑换For more information about the redemption process, see B2B collaboration invitation redemption.

重要

应按照如何:在 Azure Active Directory 中添加组织的隐私信息中的步骤添加组织的隐私声明的 URL。You should follow the steps in How-to: Add your organization's privacy info in Azure Active Directory to add the URL of your organization's privacy statement. 作为首次邀请兑换进程的一部分,受邀的用户必须同意你的隐私条款才能继续操作。As part of the first time invitation redemption process, an invited user must consent to your privacy terms to continue.

开始之前Before you begin

请确保组织的外部协作设置已配置为允许你邀请来宾。Make sure your organization's external collaboration settings are configured such that you're allowed to invite guests. 默认情况下,所有用户和管理员都可以邀请来宾。By default, all users and admins can invite guests. 不过,组织的外部协作策略可能会配置为阻止某些类型的用户或管理员邀请来宾。But your organization's external collaboration policies might be configured to prevent certain types of users or admins from inviting guests. 若要了解如何查看和设置这些策略,请参阅启用 B2B 外部协作和管理谁可以邀请来宾To find out how to view and set these policies, see Enable B2B external collaboration and manage who can invite guests.

将来宾用户添加到目录Add guest users to the directory

若要将 B2B 协作用户添加到目录,请执行以下步骤:To add B2B collaboration users to the directory, follow these steps:

  1. 以分配有有限管理员目录角色或来宾邀请者角色的用户身份登录 Azure 门户Sign in to the Azure portal as a user who is assigned a limited administrator directory role or the Guest Inviter role.

  2. 在任意页面中,搜索并选择“Azure Active Directory”。Search for and select Azure Active Directory from any page.

  3. 在“管理”下,选择“用户” 。Under Manage, select Users.

  4. 选择“新来宾用户”。Select New guest user.

    显示“新来宾用户”在 UI 中的位置

  5. 在“新建用户”页上,选择“邀请用户”,然后添加来宾用户的信息 。On the New user page, select Invite user and then add the guest user's information.

    备注

    不支持组电子邮件地址;输入个人的电子邮件地址。Group email addresses aren’t supported; enter the email address for an individual. 另外,某些电子邮件提供程序允许用户向其电子邮件地址中添加加号 (+) 和附加文本来帮助执行收件箱筛选之类的操作。Also, some email providers allow users to add a plus symbol (+) and additional text to their email addresses to help with things like inbox filtering. 但是,Azure AD 当前不支持在电子邮件地址中使用加号。However, Azure AD doesn’t currently support plus symbols in email addresses. 为避免在传送时出现问题,请省略加号及其之后的任何字符,直至 @ 符号。To avoid delivery issues, omit the plus symbol and any characters following it up to the @ symbol.

    • 名称。Name. 来宾用户的姓氏和名字。The first and last name of the guest user.
    • 电子邮件地址(必填)Email address (required). 来宾用户的电子邮件地址。The email address of the guest user.
    • 个人消息(可选) 包含发送给来宾用户的个人欢迎消息。Personal message (optional) Include a personal welcome message to the guest user.
    • :可以将来宾用户添加到一个或多个现有组,也可以稍后进行。Groups: You can add the guest user to one or more existing groups, or you can do it later.
    • 目录角色:如果需要用户的 Azure AD 管理权限,则可以将其添加到 Azure AD 角色。Directory role: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role.
  6. 选择“邀请”,以自动向来宾用户发送邀请。Select Invite to automatically send the invitation to the guest user.

发送邀请后,该用户帐户将以来宾的形式自动添加到目录。After you send the invitation, the user account is automatically added to the directory as a guest.

显示“来宾”用户类型的 B2B 用户

将来宾用户添加到组Add guest users to a group

如果需要手动将 B2B 协作用户添加到组中,请按照以下步骤操作:If you need to manually add B2B collaboration users to a group, follow these steps:

  1. 以 Azure AD 管理员身份登录到 Azure 门户Sign in to the Azure portal as an Azure AD administrator.
  2. 在任意页面中,搜索并选择“Azure Active Directory”。Search for and select Azure Active Directory from any page.
  3. 在“管理”下,选择“组” 。Under Manage, select Groups.
  4. 选择一个组(或单击“新建组”创建一个新组)。Select a group (or click New group to create a new one). 最好是输入组说明,指出该组包含 B2B 来宾用户。It's a good idea to include in the group description that the group contains B2B guest users.
  5. 选择“成员”。Select Members.
  6. 执行下列操作之一:Do one of the following:
    • 如果目录中已存在该来宾用户,请搜索 B2B 用户。If the guest user already exists in the directory, search for the B2B user. 选择该用户,单击“选择”将该用户添加到组中。Select the user, and then click Select to add the user to the group.

    • 如果目录中尚未存在来宾用户,请通过在搜索框中键入来宾用户的电子邮件地址,键入可选的个人消息,然后单击“选择”来邀请他们加入该组。If the guest user does not already exist in the directory, invite them to the group by typing their email address in the search box, typing an optional personal message, and then clicking Select. 邀请会自动发送到受邀用户。The invitation automatically goes out to the invited user.

      添加邀请按钮以添加来宾成员

将来宾用户添加到应用程序Add guest users to an application

若要将 B2B 协作用户添加到应用中,请按照以下步骤操作:To add B2B collaboration users to an application, follow these steps:

  1. 以 Azure AD 管理员身份登录到 Azure 门户Sign in to the Azure portal as an Azure AD administrator.

  2. 在任意页面中,搜索并选择“Azure Active Directory”。Search for and select Azure Active Directory from any page.

  3. 在“管理”下,选择“企业应用程序” > “所有应用程序” 。Under Manage, select Enterprise applications > All applications.

  4. 选择要将来宾用户添加到的应用程序。Select the application to which you want to add guest users.

  5. 在应用程序的仪表板上,选择“用户总数”以打开“用户和组”窗格。On the application's dashboard, select Total Users to open the Users and groups pane.

    用于打开“用户和组”窗格的“用户总数”按钮

  6. 选择“添加用户”。Select Add user.

  7. 在“添加分配”下,选择“用户和组”。 Under Add Assignment, select User and groups.

  8. 执行下列操作之一:Do one of the following:

    • 如果目录中已存在该来宾用户,请搜索 B2B 用户。If the guest user already exists in the directory, search for the B2B user. 选择用户,单击“选择”,然后单击“分配”将该用户添加到应用。Select the user, click Select, and then click Assign to add the user to the app.

    • 如果来宾用户尚不在目录中,请在“选择成员或邀请外部用户”下键入用户的电子邮件地址。If the guest user does not already exist in the directory, under Select member or invite an external user, type the user's email address. 在消息框中,键入个人消息(可选)。In the message box, type an optional personal message. 在消息框下,单击“邀请”。Under the message box, click Invite.

      添加邀请按钮以添加来宾成员

      单击“选择”,然后单击“分配”将该用户添加到应用。Click Select, and then click Assign to add the user to the app. 邀请会自动发送给受邀用户。An invitation automatically goes out to the invited user.

  9. 来宾用户将出现在应用程序的“用户和组”列表中,其中分配的角色为“默认访问权限”。The guest user appears in the application's Users and groups list with the assigned role of Default Access. 如果想要更改该角色,请执行以下操作:If you want to change the role, do the following:

    • 选择来宾用户,然后选择“编辑”。Select the guest user, and then select Edit.
    • 在“编辑分配”下,单击“选择角色”,然后选择要分配给所选用户的角色。Under Edit Assignment, click Select Role, and select the role you want to assign to the selected user.
    • 单击“选择”。Click Select.
    • 单击“分配”。Click Assign.

向来宾用户重新发送邀请Resend invitations to guest users

如果来宾用户尚未兑换其邀请,你可以重新发送邀请电子邮件。If a guest user has not yet redeemed their invitation, you can resend the invitation email.

  1. 以 Azure AD 管理员身份登录到 Azure 门户Sign in to the Azure portal as an Azure AD administrator.

  2. 在任意页面中,搜索并选择“Azure Active Directory”。Search for and select Azure Active Directory from any page.

  3. 在“管理”下,选择“用户” 。Under Manage, select Users.

  4. 选择用户帐户。Select the user account.

  5. 在“管理”下,选择“配置文件”。 Under Manage, select Profile.

  6. 如果该用户尚未接受邀请,则会显示“重新发送邀请”选项。If the user has not yet accepted the invitation, a Resend invitation option is available. 选择此按钮可以重新发送邀请。Select this button to resend.

    用户配置文件中的“重新发送邀请”选项

备注

请注意,如果重新发送的邀请最初将用户定向到了特定的应用,新邀请中的链接会使该用户转到顶级访问面板。If you resend an invitation that originally directed the user to a specific app, understand that the link in the new invitation takes the user to the top-level Access Panel instead.

后续步骤Next steps