
In our mechanical engineering company we are building a customer portal, where our customers should find documentation for their equipment.
This documentation is natively hosted in SharePoint Online.
Here we create a site collection for each machine where all documentation is hosted. To provide the customer access to those documents, we would create a web application where the customer has to sign in with Azure B2B (not B2C).

After the sign in process the user will automatically be added as a guest with visit-permission to the site collections of all the machines they have.
The user would not directly visit the site collection, but a REST-call to fetch the documents with their metadata should work to display the files in our customer portal.

Important: Customers can also invite other users of their own organisation to give other employees access to the portal. We could use the B2B API for this. Every time the customer "adds" a new user, this user will be added as a guest and will also be added automatically to the same site collections.

We have the skills to develop something like that. Only question: Is Azure B2B made for this? Can we do it like this? In Azure B2C no access to SharePoint Online (or generally 365) is possible.
For this reason I hope that our approach can work.

When using Azure B2C we would have to write our own service that accesses SharePoint in the background via client credential flow (with a certificate) and return the docs through this "reroute". This approach is harder and would also not allow the customer to visit SharePoint. But in this case users would not have to be guest users... We could clearly separate "internal" and "guest users" with two different tenants. Nevertheless: I prefer the first approach. What do you think? Any security concerns?

  • Thanks, and B2B will be the good approach; however, please follow the governance guidance for B2B and for external sharing of SharePoint and OneDrive in this document: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/9-secure-access-teams-sharepoint#govern-access-in-sharepoint-and-onedrive – Jit_MSFT Jul 21 '21 at 18:31

1 Answer


As suggested by Jit_MSFT in the comments section, you can use B2B collaboration, but you have to ensure that you govern access for B2B collaboration and external sharing in SharePoint and OneDrive.

As per the Microsoft documentation: SharePoint administrators have many settings available for collaboration. Organization-wide settings are managed from the SharePoint admin center. Settings can be adjusted for each SharePoint site. It's recommended that your organization-wide settings be at your minimum necessary security levels, and that you increase security on specific sites as needed. For example, for a high-risk project, you may want to restrict users to certain domains, and disable the ability of members to invite guests.

Thank you, Jit_MSFT, for providing the reference link.

Reference: Secure external access to Microsoft Teams, SharePoint, and OneDrive with Azure Active Directory | Microsoft Docs

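The invite-and-grant flow the question describes, with the "restrict users to certain domains" rule from the answer enforced inside the portal before any invitation is sent, as an added example (not code from the question, the answer or Microsoft). The customer registry, site names, e-mail addresses and the drive listing are constructed for the illustration; the two Graph endpoints are the real ones, but the access token is assumed to be obtained elsewhere (client credentials), and the step that puts the new guest into each site's Visitors group is left to the portal's SharePoint integration.

```python
"""Guest-invitation helper for a customer portal fronting SharePoint Online.

Security point: when a customer user invites a colleague, the portal must
verify that the invitee belongs to the same customer organisation. Without
that check a guest could invite arbitrary external addresses, and the portal
would then grant them access to that customer's site collections.
"""
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample registry (hypothetical): customer -> verified e-mail
# domains and the SharePoint sites (one per machine) the customer owns.
CUSTOMERS = {
    "contoso": {
        "domains": {"contoso.com", "contoso.de"},
        "sites": ["contoso-machine-4711", "contoso-machine-4712"],
    },
    "fabrikam": {
        "domains": {"fabrikam.com"},
        "sites": ["fabrikam-machine-0815"],
    },
}


class InvitationRefused(ValueError):
    """Raised when an invitation would cross an organisation boundary."""


def customer_for_email(email):
    """Map an address to a customer by its domain; None if unknown."""
    domain = email.rsplit("@", 1)[-1].lower()
    for name, record in CUSTOMERS.items():
        if domain in record["domains"]:
            return name
    return None


def plan_invitation(inviter_email, invitee_email, redirect_url):
    """Check the invite is within one organisation and build the request.

    Returns (body for POST /invitations, site ids the guest must be added
    to as a visitor). Raises InvitationRefused otherwise.
    """
    inviter_org = customer_for_email(inviter_email)
    if inviter_org is None:
        raise InvitationRefused("inviter is not a known customer: " + inviter_email)
    if customer_for_email(invitee_email) != inviter_org:
        raise InvitationRefused(
            f"{invitee_email} is not in the verified domains of {inviter_org}")
    body = {
        "invitedUserEmailAddress": invitee_email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": True,
    }
    return body, list(CUSTOMERS[inviter_org]["sites"])


def invitation_refused(inviter_email, invitee_email):
    """True if the portal would block this invitation."""
    try:
        plan_invitation(inviter_email, invitee_email, "https://portal.example/")
    except InvitationRefused:
        return True
    return False


def graph_request(token, method, path, body=None):
    """Call Microsoft Graph with a bearer token (network; not used offline)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(GRAPH + path, data=data, method=method)
    req.add_header("Authorization", "Bearer " + token)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def list_documents(token, site_id):
    """Fetch the root folder listing of a machine site's default library."""
    return summarize_documents(
        graph_request(token, "GET", f"/sites/{site_id}/drive/root/children"))


def summarize_documents(listing):
    """Reduce a driveItem collection to the metadata the portal displays.

    Folders (items with a 'folder' facet) are skipped; only files are shown.
    """
    return [
        {
            "name": item["name"],
            "size": item.get("size", 0),
            "modified": item.get("lastModifiedDateTime"),
            "url": item.get("webUrl"),
        }
        for item in listing.get("value", [])
        if "file" in item
    ]


# Constructed sample response in the shape Graph returns for root/children.
SAMPLE_LISTING = {
    "value": [
        {"name": "manual.pdf", "size": 2048,
         "lastModifiedDateTime": "2021-07-01T10:00:00Z",
         "webUrl": "https://tenant.sharepoint.com/sites/contoso-machine-4711/Shared%20Documents/manual.pdf",
         "file": {"mimeType": "application/pdf"}},
        {"name": "drawings", "size": 0,
         "lastModifiedDateTime": "2021-07-02T09:30:00Z",
         "webUrl": "https://tenant.sharepoint.com/sites/contoso-machine-4711/Shared%20Documents/drawings",
         "folder": {"childCount": 3}},
    ]
}

if __name__ == "__main__":
    body, sites = plan_invitation("alice@contoso.com", "bob@contoso.de",
                                  "https://portal.example/")
    print(json.dumps(body), sites)
    print(invitation_refused("alice@contoso.com", "mallory@fabrikam.com"))
    print(summarize_documents(SAMPLE_LISTING))
```

The domain check is the part worth keeping even if the rest is replaced by a library: tenant-wide B2B settings decide whether guests may exist at all, but only the portal knows which customer a given guest belongs to, so the per-invite check has to live there. Guests should go into each site's Visitors group only, never Members, so they cannot invite further guests from within SharePoint itself.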