Azure Active Directory B2B collaboration for hybrid organizations

Azure Active Directory (Azure AD) B2B collaboration makes it easy for you to give your external partners access to apps and resources in your organization. This is true even in a hybrid configuration where you have both on-premises and cloud-based resources. It doesn't matter if you currently manage external partner accounts locally in your on-premises identity system, or if you manage the external accounts in the cloud as Azure AD B2B users. You can now grant these users access to resources in either location, using the same sign-in credentials for both environments.

Grant locally-managed partner accounts access to cloud resources

Before Azure AD, organizations with on-premises identity systems have traditionally managed partner accounts in their on-premises directory. If you're such an organization, you want to make sure that your partners continue to have access as you move your apps and other resources to the cloud. Ideally, you want these users to use the same set of credentials to access both cloud and on-premises resources.

We now offer methods where you can use Azure AD Connect to sync these local accounts to the cloud as "guest users," where the accounts behave just like Azure AD B2B users.

To help protect your company data, you can control access to just the right resources, and configure authorization policies that treat these guest users differently from your employees.

For implementation details, see Grant locally-managed partner accounts access to cloud resources using Azure AD B2B collaboration.

Next steps