Azure Active Directory B2B collaboration invitation redemption

This article describes the ways guest users can access your resources and the consent process they'll encounter. If you send an invitation email to the guest, the invitation includes a link the guest can redeem to get access to your app or portal. The invitation email is just one of the ways guests can get access to your resources. As an alternative, you can add guests to your directory and give them a direct link to the portal or app you want to share. Regardless of the method they use, guests are guided through a first-time consent process.

When you add a guest user to your directory, the guest user account has a consent status (viewable in PowerShell) that's initially set to PendingAcceptance. This setting remains until the guest accepts your invitation and agrees to your privacy policy and terms of use. After that, the consent status changes to Accepted, and the consent pages are no longer presented to the guest.
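Guest accounts that stay in PendingAcceptance are invitations nobody has redeemed, so they are worth reviewing periodically. The following is an added example, not part of the original article: the function name `Get-StalePendingGuest`, the 30-day threshold and the sample accounts are assumptions, and the property names are those of the user objects returned by the AzureAD PowerShell module.

```powershell
# Added example: report guests whose invitation is still unredeemed.
# Get-StalePendingGuest and the 30-day default are hypothetical choices;
# UserType, UserState and UserStateChangedOn are AzureAD module user properties.
function Get-StalePendingGuest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object]$User,
        [int]$MaxPendingDays = 30,
        [datetime]$AsOf = (Get-Date).ToUniversalTime()
    )
    process {
        # Only guests that have not completed the consent process are of interest.
        if ($User.UserType -ne 'Guest' -or $User.UserState -ne 'PendingAcceptance') { return }

        $age = $null
        if ($User.UserStateChangedOn) {
            # The module returns the timestamp as a string; parse it as UTC.
            $changed = [datetime]::Parse(
                $User.UserStateChangedOn,
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::AdjustToUniversal)
            $age = ($AsOf - $changed).Days
        }
        # A missing timestamp is reported too, so the account is not silently skipped.
        if ($null -eq $age -or $age -ge $MaxPendingDays) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                Mail              = $User.Mail
                UserState         = $User.UserState
                PendingDays       = $age
            }
        }
    }
}

# Constructed sample objects (not real accounts) so the function runs offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice_fabrikam.example#EXT#@contoso.example'; Mail = 'alice@fabrikam.example'; UserType = 'Guest';  UserState = 'PendingAcceptance'; UserStateChangedOn = '2024-01-05T10:00:00Z' }
    [pscustomobject]@{ UserPrincipalName = 'bob_fabrikam.example#EXT#@contoso.example';   Mail = 'bob@fabrikam.example';   UserType = 'Guest';  UserState = 'Accepted';          UserStateChangedOn = '2024-01-06T09:00:00Z' }
    [pscustomobject]@{ UserPrincipalName = 'carol_fabrikam.example#EXT#@contoso.example'; Mail = $null;                    UserType = 'Guest';  UserState = 'PendingAcceptance'; UserStateChangedOn = '2024-02-25T12:00:00Z' }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example';                        Mail = 'dave@contoso.example';   UserType = 'Member'; UserState = $null;               UserStateChangedOn = $null }
)
$asOf = [datetime]::new(2024, 3, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample | Get-StalePendingGuest -AsOf $asOf | Format-Table -AutoSize

# Against a live directory (requires Connect-AzureAD first):
# Get-AzureADUser -All $true -Filter "UserState eq 'PendingAcceptance'" | Get-StalePendingGuest
```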

Redemption through the invitation email

When you add a guest user to your directory by using the Azure portal, an invitation email is sent to the guest in the process. You can also choose to send invitation emails when you're using PowerShell to add guest users to your directory. Here's a description of the guest's experience when they redeem the link in the email.

  1. The guest receives an invitation email that's sent from Microsoft Invitations.
  2. The guest selects Accept invitation in the email.
  3. The guest is guided through the consent experience described below.

As an alternative to the invitation email or an application's common URL, you can give a guest a direct link to your app or portal. You first need to add the guest user to your directory via the Azure portal or PowerShell. When a guest uses a direct link instead of the invitation email, they'll still be guided through the first-time consent experience.


A direct link is tenant-specific. In other words, it includes a tenant ID or verified domain so the guest can be authenticated in your tenant, where the shared app is located. Here are some examples of direct links with tenant context:

  • Azure portal:<tenant id>

There are some cases where the invitation email is recommended over a direct link. If these special cases are important to your organization, we recommend that you invite users by using methods that still send the invitation email:

  • Sometimes the invited user object may not have an email address because of a conflict with a contact object (for example, an Outlook contact object). In this case, the user must click the redemption URL in the invitation email.
  • The user may sign in with an alias of the email address that was invited. (An alias is an additional email address associated with an email account.) In this case, the user must click the redemption URL in the invitation email.

When a guest signs in to access resources in a partner organization for the first time, they're guided through the following pages.

  1. The guest reviews the Review permissions page describing the inviting organization's privacy statement. A user must Accept the use of their information in accordance with the inviting organization's privacy policies to continue.



    For information about how you as a tenant administrator can link to your organization's privacy statement, see How-to: Add your organization's privacy info in Azure Active Directory.

  2. If terms of use are configured, the guest opens and reviews the terms of use, and then selects Accept.


  3. Unless otherwise specified, the guest is redirected to the Apps access panel, which lists the applications the guest can access.


In your directory, the guest's Invitation accepted value changes to Yes. For more information about guest user account properties, see Properties of an Azure AD B2B collaboration user.

Next steps