How to Assume role by a Trusted Third Party to your Azure Account (Similar to AWS)

Question

AWS allows a trusted Third Party relationship by creating an IAM Role for the Third-Party's AWS account in your account and then assigning it an External Id. After this the Trusted Third Party can assume the IAM Role with API and pass an external Id to make authorized API calls to access the resources and services based on set permissions.

I want to achieve something similar for our Azure account with Trusted Third Party.

How can I provide similar role based access to my resources in Azure account to a trusted third party ?

score 1 · Accepted Answer · answered Apr 02 '20 at 06:35

As I know, there is no such thing in Azure. If you want an external user to access the azure resources, you could invite the user to your Azure AD tenant and add the user to your subscription.

Follow the steps:

1.Navigate to the Azure Active Directory in the portal -> Users -> New guest user -> Invite user(the user need a email account), after you invite the user, the user will receive a mail, he need to consent it, then he will be added to the AAD tenant as a guest.

2.Navigate to your subscription in the portal -> Access control (IAM) -> Add role assignment -> add your guest user account as a role, details see this link, then the account will be able to access the resources.

How to Assume role by a Trusted Third Party to your Azure Account (Similar to AWS)

1 Answers1