Implement and Manage External Identities Flashcards
What makes it possible for you to allow people outside your organization to access internal resources?
Azure AD External Identities
What does Azure AD External Identities focus on?
A. User’s Relationship to your Organization
B. How User wants to Sign In
B. How the user wants to sign in.
By default, who invites external users?
Everyone
Levels of ___________
- Turn off invitations
- Only admins and users in the Guest Inviter role can invite
- Admins, the Guest Inviter role, and members can invite
- All users, including guests, can invite
Azure AD B2B Invitation Policies
What 3 actions are required for self-service app management or SAML-based apps?
- Enable self-service group management for your tenant.
- Create a group to assign to the app and make the user an owner.
- Configure the app for self-service and assign the group to the app.
How can a bulk list of external users be added to Azure AD?
Upload a CSV file
PIM
Privileged Identity Management
Describe the 4 States of Azure AD B2B accounts.
State 1: Homed in an external instance of Azure AD and represented as a guest user in the inviting organization. In this case, the B2B user signs in by using an Azure AD account that belongs to the invited tenant.
State 2: Homed in a Microsoft or other account and represented as a guest user in the host organization.
State 3: Homed in the host organization’s on-premises Active Directory and synced with the host organization’s Azure AD.
State 4: Homed in the host organization’s Azure AD with UserType = Guest and credentials that the host organization manages.
What is the default source of a new Guest User?
Invited User
When does the user account source update from Invited User?
When the external user accepts the invitation
What user property indicates the user’s relationship to the host tenancy?
UserType
- Member
- Guest
What user property indicates how the user signs in?
Source
- Invited User
- External Azure AD
- Microsoft Account
- Windows Server AD
- Azure AD
True or False:
UserType has a dynamic relationship to Source.
False
SAML
Security Assertion Markup Language
What two protocols facilitate direct federation with another organization’s identity provider?
- SAML 2.0
- WS-Fed