Setting up and Enabling Azure AD B2B for New Collaborate

Azure Active Directory (Azure AD) B2B Collaboration provides authentication and management of guests accessing your New Collaborate site.

Note: To ensure New Collaborate functions as intended, the settings must be configured as per the article below.

Enabling Azure AD B2B

Step 1 - Review SharePoint External Settings

  1. Open Microsoft 365 Admin Center by visiting https://admin.microsoft.com/.

  2. Log in using a Microsoft Global Admin account.

  3. From the menu on the left-hand side, locate the Admin Centers section and select SharePoint (you may need to first click Show All). 

  4. From the menu on the left-hand side, select Policies, then select Sharing.

  5. In the External Sharing section, for "Content can be shared with" select "New and existing guests".
    Note: This option must be selected due to the Sharing functionality of New Collaborate. To control who can send invitations to guests, refer to New Collaborate Permissions. To prevent users from sharing documents directly from Microsoft, for example, using OneDrive, refer to How to restrict the ability for internal users to invite guests to SharePoint.

  6. Expand the section More external sharing settings.

  7. Tick the option "Guests must sign in using the same account to which sharing invitations are sent".

  8. In the section File and folder links select "Specific people (only the people the user specifies)".

  9. Click Save.

You are now ready to begin the New Collaborate setup process.
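
The Step 1 settings can also be confirmed from PowerShell. This is an added example, not part of the original article or of New Collaborate: it reads the tenant with Get-SPOTenant and compares three properties to the values chosen above. The tenant name contoso is a placeholder.

```powershell
# Added example: read-only check of the Step 1 sharing settings.
# Requires the Microsoft.Online.SharePoint.PowerShell module.
# 'contoso' is a placeholder; use your own tenant's admin URL.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

$tenant = Get-SPOTenant

# Get-SPOTenant property = value that corresponds to the portal option in Step 1
$expected = [ordered]@{
    # "Content can be shared with": "New and existing guests"
    SharingCapability                          = 'ExternalUserSharingOnly'
    # "Guests must sign in using the same account to which sharing invitations are sent"
    RequireAcceptingAccountMatchInvitedAccount = $true
    # "File and folder links": "Specific people (only the people the user specifies)"
    DefaultSharingLinkType                     = 'Direct'
}

$report = foreach ($name in $expected.Keys) {
    $actual = $tenant.$name
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $actual
        # Compare as strings so enum and boolean values are handled alike
        Matches  = ("$actual" -eq "$($expected[$name])")
    }
}
$report | Format-Table -AutoSize

# Flag any drift from the settings this article requires
if ($report.Matches -contains $false) {
    Write-Warning 'One or more SharePoint sharing settings differ from Step 1.'
}
```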

Step 2 - Review External Collaborate Settings

  1. Go to the Microsoft Entra admin centre https://entra.microsoft.com and log in as the Microsoft Administrator.

  2. From the menu on the left, click the External Identities dropdown and select External collaboration settings.

  3. In the Guest invite settings section, confirm the following option has been selected:

    ➡️Member users and users assigned to specific admin roles can invite guest users including guests with member permissions.

  4. Alternatively, if you want to restrict the ability to invite guest users to only specified users within the practice, you will need to enable the following setting:

    ➡️Only users assigned to specific admin roles can invite guest users

    If restricting the ability to invite guest users, you must configure the Guest Inviter role. Refer to How to restrict the ability for internal users to invite guests to SharePoint.

    Important: It is not recommended to select the option "No one in the organisation can invite guests including admins (most restrictive)."
  5. Scroll down to the Collaboration restrictions section.

  6. Select "Allow invitations to be sent to any domain (most inclusive)".

  7. Alternatively, if you use "Deny invitations to the specified domains", users will not be able to share to any domain added to the field below.

  8. If the option "Allow invitations only to the specified domains (most restrictive)" is selected, sharing will fail for any domain that is not listed.

    Important: It is not recommended to select the option "Allow invitations only to the specified domains (most restrictive)."

Step 3 - Enable One-Time Passcode

One-Time Passcode enables guest users to use a one-time passcode to authenticate their accounts.

Note: If this option is not enabled, users will be required to create a Microsoft Account to access the New Collaborate site.

  1. Open Microsoft Entra Admin Centre - https://entra.microsoft.com/.

  2. Log in using a Microsoft Global Admin account.

  3. From the menu on the left-hand side, in the External Identities section, select All identity providers.

  4. Select Email one-time passcode and change the toggle for Email one-time passcode for guests to Yes.

For more information on the login experience for clients, refer to Login Experience for Clients using New Collaborate.


Step 4 - Assign the User Administrator role

To add and remove guests with New Collaborate, the OneDrive Admin User must be assigned the User Administrator role.

  1. Open Microsoft Entra Admin Centre - https://entra.microsoft.com/.

  2. Log in using a Microsoft Global Admin account.

  3. From the menu on the left-hand side, in the Users section, select All Users.

  4. Locate the Practice OneDrive Admin User Account and click the name to open the user properties. 

  5. On the User menu on the left-hand side, in the Manage section click Assigned roles.
  6. Click + Add Assignments.

  7. Tick the User Administrator role.
  8. Click Add.

  9. The next time you load the Assigned Roles page, the User Administrator role will be displayed for the user.
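
The Entra settings from Steps 2 to 4 can be checked in one pass with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original article or of New Collaborate: it reads the guest invite setting, the email one-time passcode state and the User Administrator assignment, and does not cover the Collaboration restrictions domain list. The account name is a placeholder and the URIs assume the commercial Microsoft Graph endpoint.

```powershell
# Added example: read-only check of the Entra settings from Steps 2 to 4.
# Requires the Microsoft Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.Read.All', 'RoleManagement.Read.Directory', 'User.Read.All'

$graph    = 'https://graph.microsoft.com/v1.0'       # assumption: commercial cloud
$adminUpn = 'onedrive.admin@contoso.example'         # placeholder for the Practice OneDrive Admin User

# Step 2: guest invite setting
$authz = Invoke-MgGraphRequest -Method GET -Uri "$graph/policies/authorizationPolicy"
$inviteResult = switch ($authz.allowInvitesFrom) {
    'adminsGuestInvitersAndAllMembers' { 'OK: member users and admin roles can invite' }
    'adminsAndGuestInviters'           { 'OK (restricted): confirm the Guest Inviter role is configured' }
    'none'                             { 'FAIL: no one can invite guests (not recommended)' }
    default { "REVIEW: '$($authz.allowInvitesFrom)' is not a setting this article describes" }
}

# Step 3: email one-time passcode for guests
$email = Invoke-MgGraphRequest -Method GET `
    -Uri "$graph/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email"
$otpResult = switch ($email.allowExternalIdToUseEmailOtp) {
    'enabled'  { 'OK: toggle is set to Yes' }
    'disabled' { 'FAIL: guests will need a Microsoft Account' }
    default    { "REVIEW: value is '$($email.allowExternalIdToUseEmailOtp)'; set the toggle to Yes" }
}

# Step 4: User Administrator role (direct assignments only, not group-based ones)
$user    = Get-MgUser -UserId $adminUpn
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'User Administrator'"
$hasRole = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" |
    Where-Object RoleDefinitionId -eq $roleDef.Id
$roleResult = if ($hasRole) { 'OK: User Administrator is assigned' }
              else          { 'FAIL: User Administrator is not assigned' }

[pscustomobject]@{
    GuestInviteSetting    = $inviteResult
    EmailOneTimePasscode  = $otpResult
    UserAdministratorRole = $roleResult
} | Format-List
```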

Next Steps: To continue setting up New Collaborate, refer to Setting up Collaborate Email Templates.
