Implement and Manage External Identities Flashcards
What makes it possible for you to allow people outside your organization to access internal resources?
Azure AD External Identities
What does Azure AD External Identities focus on?
A. User’s Relationship to your Organization
B. How User wants to Sign In
B. How the user wants to sign in.
By default, who invites external users?
Everyone
Levels of ___________
- Turn off invitations
- Only admins and users in the Guest Inviter role can invite
- Admins, the Guest Inviter role, and members can invite
- All users, including guests, can invite
Azure AD B2B Invitation Policies
What 3 actions are required for self-service app management or SAML-based apps?
- Enable self-service group management for your tenant.
- Create a group to assign to the app and make the user an owner.
- Configure the app for self-service and assign the group to the app.
How can a bulk list of external users be added to Azure AD?
Upload a CSV file
PIM
Privileged Identity Management
Describe the 4 States of Azure AD B2B accounts.
State 1: Homed in an external instance of Azure AD and represented as a guest user in the inviting organization. In this case, the B2B user signs in by using an Azure AD account that belongs to the invited tenant.
State 2: Homed in a Microsoft or other account and represented as a guest user in the host organization.
State 3: Homed in the host organization’s on-premises Active Directory and synced with the host organization’s Azure AD.
State 4: Homed in the host organization’s Azure AD with UserType = Guest and credentials that the host organization manages.
What is the default source of a new Guest User?
Invited User
When does the user account source update from Invited User?
When the external user accepts the invitation
What user property indicates the user’s relationship to the host tenancy?
UserType
- Member
- Guest
What user property indicates how the user signs in?
Source
- Invited User
- External Azure AD
- Microsoft Account
- Windows Server AD
- Azure AD
True or False:
UserType has a dynamic relationship to Source.
False
SAML
Security Assertion Markup Language
What two protocols facilitate direct federation with another organization's identity provider?
- SAML 2.0
- WS-Fed
Can you use direct federation with a domain that is DNS-verified in Azure AD?
No
Can Google federation be used with G Suite domains?
No
If you remove direct federation and the external users' access, how do you re-enable their access?
Rebuild the direct federation along with the affected user profiles.
How do you connect Facebook as an identity provider?
Self-service sign up or user flow
Users assigned limited administrator directory roles can use the Azure portal to invite B2B collaboration users. You can invite B2B collaboration users to a directory or to a group. To what else can B2B collaboration users be invited?
An application.
Azure AD B2B can be configured to federate with identity providers that use either of two protocols. One protocol is Security Assertion Markup Language (SAML); what is the other protocol?
WS-Federation (WS-Fed)
What are dynamic groups?
Dynamic groups are security groups whose memberships are based on user attributes (such as userType, department, or country/region).