Identity Governance – Self Service Access Package for External Users

In this post I am going to show you how to create an access package (containing a SaaS app) that can be requested through self-service by users who are external to your organization and have not yet been invited as guests.

Creating an Access Package

  • Navigate to Portal.azure.com
  • Go to Azure Active Directory
  • Click on Identity Governance
  • Select Create an Access Package

  • Enter a Name
  • Enter a Description
  • Choose a catalog (I am sticking with the default, which is General)
  • Click Next

The Resource roles section is where you add resources to the access package. I am going to keep this post simple and just choose the Salesforce application.

  • Add the resources you want the guest to have access to and click Next

  • Next you have the option to create a policy now or later. We are going to create the policy now.
  • Select “For users not in your directory”, as we want this to be available to external users who are not already guests.
  • You can select specific directories/domains from which users can request access, or leave it open to any
  • I have chosen Require approval since I have left the directory settings at Any.
  • Choose your specific approvers
  • Modify any other settings you wish, e.g. justification or expiration dates.
  • Enable the policy.
  • Click Review + Create

  • Review your settings and click Create
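
An added example, not part of the original post: a small Python audit of the policy choices made in the steps above (who can request, whether approval is required, whether access expires). It assumes the assignment policies were exported as JSON from Microsoft Graph's entitlement management `assignmentPolicies` endpoint and that field names follow the v1.0 `accessPackageAssignmentPolicy` resource; the sample data, policy names and the `audit`/`audit_policy` helpers are constructed for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph v1.0 response from
# GET /identityGovernance/entitlementManagement/assignmentPolicies (assumed schema).
SAMPLE = json.loads("""
{"value": [
 {"displayName": "External Salesforce (approved)",
  "allowedTargetScope": "allExternalUsers",
  "expiration": {"type": "afterDuration", "duration": "P90D"},
  "requestApprovalSettings": {"isApprovalRequiredForAdd": true, "stages": [
    {"primaryApprovers": [{"@odata.type": "#microsoft.graph.singleUser",
                           "userId": "00000000-0000-0000-0000-000000000001"}]}]}},
 {"displayName": "External open door",
  "allowedTargetScope": "allExternalUsers",
  "expiration": {"type": "noExpiration"},
  "requestApprovalSettings": {"isApprovalRequiredForAdd": false, "stages": []}},
 {"displayName": "Employees only",
  "allowedTargetScope": "allMemberUsers",
  "expiration": {"type": "noExpiration"},
  "requestApprovalSettings": {"isApprovalRequiredForAdd": false, "stages": []}}
]}""")

# Scopes that let users from outside the directory request the package.
EXTERNAL_SCOPES = {"allExternalUsers", "allConfiguredConnectedOrganizationUsers",
                   "specificConnectedOrganizationUsers"}

def audit_policy(policy):
    """Return findings for one policy; internal-only policies return []."""
    scope = policy.get("allowedTargetScope")
    if scope not in EXTERNAL_SCOPES:
        return []
    findings = []
    approval = policy.get("requestApprovalSettings") or {}
    if not approval.get("isApprovalRequiredForAdd"):
        findings.append("no approval required")
    elif not any(s.get("primaryApprovers") for s in approval.get("stages") or []):
        findings.append("approval required but no approver configured")
    if (policy.get("expiration") or {}).get("type") in (None, "notSpecified", "noExpiration"):
        findings.append("assignments never expire")
    if scope == "allExternalUsers" and "no approval required" in findings:
        findings.insert(0, "open to any external directory without approval")
    return findings

def audit(response):
    """Map displayName -> findings for every policy that has at least one."""
    results = {p.get("displayName", "<unnamed>"): audit_policy(p)
               for p in response.get("value", [])}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```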


Requesting Access as an external user

  • Navigate to http://myaccess.microsoft.com/@t67services.co.uk (changing the @t67services.co.uk to match the tenant you're requesting access to)
  • Sign in with your external account (this would typically be your Azure AD account from another organization).

  • After signing in, select the access package we just created and choose Request access

  • Enter the justification
  • Accept the terms
  • Click Submit

  • Now, with the account that you selected as the approver, sign in to https://myaccess.microsoft.com
  • Choose Approvals
  • Select the approval and click Approve


Accessing the Apps

As you can see, that was a very quick introduction to the power of Identity Governance and how I was able to request access to the Salesforce app as an external user. More to come.