什么是 Azure Active Directory B2B 中的来宾用户访问权限?What is guest user access in Azure Active Directory B2B?

Azure Active Directory (Azure AD) 企业到企业 (B2B) 协作是外部标识的一项功能,使你能够邀请来宾用户同组织一起协作。Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. 使用 B2B 协作,可以安全地将公司的应用程序和服务与来自任何其他组织的来宾用户共享,同时保持对自己公司数据的控制。With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. 与外部合作伙伴安全放心地合作,不论其规模是大是小,甚至就算他们没有 Azure AD 或 IT 部门也无妨。Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department. 合作伙伴通过一个简单的邀请和兑换过程即可使用自己的凭据来访问公司资源。A simple invitation and redemption process lets partners use their own credentials to access your company's resources. 开发人员可以使用 Azure AD 企业到企业 API 自定义邀请过程或编写应用程序。Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications. 有关与来宾用户相关的许可和定价信息,请参阅 Azure Active Directory 定价For licensing and pricing information related to guest users, refer to Azure Active Directory pricing.

与使用自己标识的任何合作伙伴协作Collaborate with any partner using their identities

借助 Azure AD B2B,合作伙伴可使用自己的标识管理解决方案,因此组织省去了外部管理开销。With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization. 来宾用户可使用自己的工作或学校标识登录应用和服务。Guest users sign in to your apps and services with their own work or school identities.

  • 合作伙伴使用自己的标识和凭据;The partner uses their own identities and credentials;
  • 不需要管理外部帐户或密码。You don't need to manage external accounts or passwords.
  • 不需要同步帐户或管理帐户生命周期。You don't need to sync accounts or manage account lifecycles.

从 Azure AD 门户轻松地邀请来宾用户Easily invite guest users from the Azure AD portal

管理员可以在 Azure 门户中轻松地向组织添加来宾用户。As an administrator, you can easily add guest users to your organization in the Azure portal.

  • 在 Azure AD 中创建新的来宾用户,方法类似于添加新用户。Create a new guest user in Azure AD, similar to how you'd add a new user.
  • 将来宾用户分配到应用或组。Assign guest users to apps or groups.
  • 发送包含兑换链接的邀请电子邮件或发送要共享的应用的直接链接。Send an invitation email that contains a redemption link, or send a direct link to an app you want to share.

显示“新建来宾用户邀请”入口页的屏幕截图

显示“查看权限”页的屏幕截图

使用策略安全地共享你的应用和服务Use policies to securely share your apps and services

可以使用授权策略保护企业内容。You can use authorization policies to protect your corporate content. 可在以下级别强制执行多重身份验证等条件访问策略:Conditional Access policies, such as multi-factor authentication, can be enforced:

  • 租户级别。At the tenant level.
  • 应用程序级别。At the application level.
  • 针对特定来宾用户,保护企业应用和数据。For specific guest users to protect corporate apps and data.

显示“条件访问”选项的屏幕截图

自定义 B2B 来宾用户的载入体验Customize the onboarding experience for B2B guest users

使用按组织需求自定义的方法引入外部合作伙伴。Bring your external partners on board in ways customized to your organization's needs.

后续步骤Next steps