Granting Access to Azure AD Enterprise Application
Question
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1
A contractor uses the credentials of user1@outlook.com.
You need to ensure that you can provide the contractor with access to App1
The contractor must be able to authenticate as user1@outlook.com.
What should you do?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.D.
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portalTo provide the contractor with access to the Azure AD enterprise application named App1, you can create a guest user account in your Azure AD tenant. The guest user account will allow the contractor to authenticate as user1@outlook.com and access App1.
The correct answer is D. Create a guest user account in contoso.com.
Explanation for each answer option:
A. Run the New-AzADUser cmdlet. This cmdlet is used to create a new user in Azure AD. However, this option does not provide access to the Azure AD enterprise application for the contractor using the specified user credentials.
B. Configure the External collaboration settings. This option is used to configure settings for external collaboration with other organizations. It is not applicable for this scenario because the contractor is using user1@outlook.com, which is not an external user.
C. Add a WS-Fed identity provider. This option is used to add an identity provider that uses WS-Federation protocol. It is not applicable for this scenario because it does not provide access to the Azure AD enterprise application for the contractor using the specified user credentials.
D. Create a guest user account in contoso.com. This is the correct option for providing access to the Azure AD enterprise application for the contractor using the specified user credentials. By creating a guest user account in contoso.com, you can add the contractor as a guest user in your Azure AD tenant and provide access to the Azure AD enterprise application.
To create a guest user account in contoso.com, you can follow these steps:
- In the Azure portal, go to Azure Active Directory > Users > New guest user.
- Enter the email address of the contractor (user1@outlook.com).
- Choose the option to invite the user.
- Customize the invitation as needed, and then click Invite.
- Once the user accepts the invitation, they will be added to your Azure AD tenant as a guest user.
- Assign the guest user account access to the Azure AD enterprise application (App1) by adding them to the appropriate security group or assigning them directly to the application.
