Skip to content

tarekd/active-directory-dotnet-graphapi-b2bportal-web

 
 

Repository files navigation

Azure Active Directory/ASP.Net MVC/GraphAPI B2BPortal

Sample/Prototype project enabling self-service B2B capabilities for an Azure AD Tenant

Quick Start

Detailed step-by-step deployment instructions

Details

  • Allows self-service provisioning of guest accounts in a tenant. Portal enables this via API calls to the Microsoft Graph
  • Leverages Azure DocumentDB. For development, a downloadable emulator is available: https://aka.ms/documentdb-emulator
  • ARM template deploys the following:
    • Azure Web App
    • Azure DocumentDB
  • Requires the following (see step-by-step deployment instructions above for details):
    1. Azure AD application with the following:
    • Microsoft Graph - app permissions
      • Read and write directory data
      • Read and write all users' full profiles
    • Microsoft Graph - delegated permissions
      • Sign in and read user profile
    1. Azure AD application with the following:
    • Microsoft Graph - delegated permissions
      • Sign in and read user profile
      • Multi-Tenant enabled
    • Optional - custom DNS name and SSL cert

Operation

  • Guests access the home page and may enter their login email to request access to the host tenant/company. Optionally, they may click to "Require Sign-In" - this will allow them to login to the guest's home tenant, authenticate, then return with the form pre-filled AND with the request authenticated and validated.
  • Once the request is submitted, the request will be queued in a DocumentDB repo.
  • A user in the home company with the "Guest Submitter" role granted can then access the portal, log in, and browse the pending requests, either approving, denying, or leaving in a pending state for others to review. Additionally, internal comments can be attached to the request records.
  • Optionally, authorized users may login and add a "Partner Organization" profile record. This will allow potential guests with a matching domain suffix, to be optionally auto-approved for B2B guest access in the tenant.
  • Whether a user is automatically approved, or manually approved, once an approval occurs, a welcome email is generated to the requester with a link that allows for redemption of the request.

As-Is Code

This code is made available as a sample to demonstrate usage of the Azure Active Directory B2B Invitation API. It should be customized by your dev team or a partner, and should be reviewed before being deployed in a production scenario.

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

About

Demonstration/prototype of B2B self-service signup, signup approvals, and profile editing.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 52.8%
  • C# 40.0%
  • PowerShell 3.5%
  • HTML 2.6%
  • CSS 1.1%