Hey everyone, I've got a straightforward problem I'm hoping to solve. We have two tenants in our organization: Tenant A, which is our main tenant where all users are managed through Entra, and Tenant B, which is a separate entity that houses some Azure resources. These resources are still being utilized, but the users for Tenant B are not the same as those in Tenant A. I want to enable a specific group of users from Tenant A to use their Single Sign-On (SSO) from Tenant A to access the Azure console in Tenant B. Essentially, I'd like to configure Tenant A as the Identity Provider (IDP) for accessing Tenant B instead of maintaining separate user accounts. Any advice on how to set this up?
5 Answers
Sending an invitation to their email as guest users is one way to go. But if there are a lot of users, you might want to set up B2B with tenant sync. It streamlines the process!
Azure Lighthouse is exactly what you're looking for in this situation. It allows you to manage resources across tenants easily. Here are a couple of links that explain how to utilize it: [Azure Lighthouse Overview](https://azure.microsoft.com/en-us/products/azure-lighthouse) and [Onboarding Customers](https://learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer).
This solution seems like the best fit!
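As an added example for the Lighthouse approach above (not code from this thread or from Microsoft's documentation), the script below generates the subscription-scope ARM template that an Owner of a Tenant B subscription deploys to delegate a role to one Entra group that lives in Tenant A. The members keep signing in to Tenant A and see the Tenant B subscription in the portal's directory filter; no guest accounts are created in Tenant B. The tenant ID, group object ID and group name are placeholders; the role IDs are Azure's built-in role definition GUIDs, and the script refuses Owner because Lighthouse cannot delegate it.

```python
"""Generate an Azure Lighthouse delegation template for one subscription.

Added example for this thread: Tenant A (the managing tenant) gets Reader on a
Tenant B subscription through a single Entra group in Tenant A. The tenant and
group IDs used in __main__ are placeholders; replace them with your own.
"""
import json
import uuid

# Built-in Azure RBAC role definition IDs; these are the same in every tenant.
READER_ROLE_ID = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
CONTRIBUTOR_ROLE_ID = "b24988ac-6180-42a0-ab88-20f7382dd24c"
OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"


def build_delegation_template(managing_tenant_id, group_object_id, group_display_name,
                              role_definition_id=READER_ROLE_ID,
                              offer_name="Tenant A access to Tenant B"):
    """Return a subscription-scope ARM template (as a dict) containing one
    registrationDefinition and the registrationAssignment that applies it."""
    # Lighthouse does not allow delegating Owner; fail here instead of at deploy time.
    if role_definition_id.lower() == OWNER_ROLE_ID:
        raise ValueError("Owner cannot be delegated through Azure Lighthouse")
    # Deterministic GUIDs so re-running the deployment updates rather than duplicates.
    definition_name = str(uuid.uuid5(uuid.NAMESPACE_URL, offer_name))
    assignment_name = str(uuid.uuid5(uuid.NAMESPACE_URL, offer_name + "/assignment"))
    definition_ref = ("[resourceId('Microsoft.ManagedServices/registrationDefinitions', '%s')]"
                      % definition_name)
    return {
        "$schema": "https://schema.management.azure.com/schemas/2018-05-01/"
                   "subscriptionDeploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [
            {
                "type": "Microsoft.ManagedServices/registrationDefinitions",
                "apiVersion": "2019-09-01",
                "name": definition_name,
                "properties": {
                    "registrationDefinitionName": offer_name,
                    "description": "Delegated access for a Tenant A operations group",
                    "managedByTenantId": managing_tenant_id,
                    # Each authorization pairs a principal in Tenant A with a role in Tenant B.
                    "authorizations": [
                        {
                            "principalId": group_object_id,
                            "principalIdDisplayName": group_display_name,
                            "roleDefinitionId": role_definition_id,
                        }
                    ],
                },
            },
            {
                "type": "Microsoft.ManagedServices/registrationAssignments",
                "apiVersion": "2019-09-01",
                "name": assignment_name,
                "dependsOn": [definition_ref],
                "properties": {"registrationDefinitionId": definition_ref},
            },
        ],
    }


def delegated_roles(template):
    """List (principalId, roleDefinitionId) pairs the template grants, for review before deploy."""
    pairs = []
    for res in template["resources"]:
        if res["type"] == "Microsoft.ManagedServices/registrationDefinitions":
            for auth in res["properties"]["authorizations"]:
                pairs.append((auth["principalId"], auth["roleDefinitionId"]))
    return pairs


if __name__ == "__main__":
    # Constructed placeholder IDs: Tenant A's tenant ID and a group object ID from Tenant A.
    tmpl = build_delegation_template(
        managing_tenant_id="00000000-0000-0000-0000-00000000000a",
        group_object_id="11111111-1111-1111-1111-111111111111",
        group_display_name="TenantA-AzureOps",
    )
    with open("delegation.json", "w") as fh:
        json.dump(tmpl, fh, indent=2)
    print(delegated_roles(tmpl))
    # Deploy while signed in to Tenant B with Owner on the subscription being delegated:
    #   az login --tenant <TenantB-ID>
    #   az deployment sub create --location eastus --template-file delegation.json
```

Review the output of `delegated_roles` before deploying: every entry is a standing permission that Tenant B cannot scope further, so keep the group small and start with Reader, raising to Contributor only for the principals that actually change resources.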
Consider configuring 'cross-tenant access settings' in order to manage which users and applications have access to Tenant B based on inbound and outbound rules. It's a good way to maintain security while allowing access.
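As an added example for the cross-tenant access settings answer above (not code from this thread or from Microsoft), the script below builds the partner configuration that Tenant B applies to Tenant A through the Microsoft Graph `crossTenantAccessPolicy/partners` endpoint, limiting inbound B2B collaboration to specific groups and trusting MFA performed in Tenant A. These settings constrain who from Tenant A can be invited and sign in; they do not create access on their own, so they sit alongside guest invitations or cross-tenant synchronization. Tenant and group IDs are placeholders, the token is read from an environment variable, and the group IDs are object IDs in Tenant A's directory because inbound settings describe the partner's users.

```python
"""Build the inbound cross-tenant access settings Tenant B applies to partner Tenant A.

Added example for this thread. Uses the Microsoft Graph partner endpoint of the
cross-tenant access policy; IDs are placeholders and the access token (which needs
the Policy.ReadWrite.CrossTenantAccess permission) comes from GRAPH_TOKEN.
"""
import json
import os
import urllib.request

GRAPH_PARTNERS_URL = "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners"


def build_inbound_partner_policy(partner_tenant_id, allowed_group_ids, accept_partner_mfa=True):
    """Return the partner configuration body for Tenant B's cross-tenant access settings.

    Inbound B2B collaboration from the partner is restricted to the listed groups,
    which are group object IDs in the partner (Tenant A) directory."""
    if not allowed_group_ids:
        raise ValueError("allow-list is empty; refusing to build a policy that matches no one")
    return {
        "tenantId": partner_tenant_id,
        "b2bCollaborationInbound": {
            "usersAndGroups": {
                "accessType": "allowed",
                "targets": [{"target": g, "targetType": "group"} for g in allowed_group_ids],
            },
            "applications": {
                "accessType": "allowed",
                "targets": [{"target": "AllApplications", "targetType": "application"}],
            },
        },
        # Accept MFA claims from Tenant A so Tenant B's Conditional Access does not re-prompt;
        # device claims stay untrusted until Tenant A's device posture has been reviewed.
        "inboundTrust": {
            "isMfaAccepted": accept_partner_mfa,
            "isCompliantDeviceAccepted": False,
            "isHybridAzureADJoinedDeviceAccepted": False,
        },
    }


def is_scoped_to_groups(policy):
    """True when inbound collaboration is an explicit allow-list of groups (no AllUsers)."""
    cfg = policy["b2bCollaborationInbound"]["usersAndGroups"]
    return (cfg["accessType"] == "allowed"
            and len(cfg["targets"]) > 0
            and all(t["targetType"] == "group" and t["target"] != "AllUsers"
                    for t in cfg["targets"]))


def post_partner_policy(policy, token, opener=urllib.request.urlopen):
    """POST the partner configuration to Graph; `opener` is injectable for dry runs."""
    req = urllib.request.Request(
        GRAPH_PARTNERS_URL,
        data=json.dumps(policy).encode(),
        headers={"Authorization": "Bearer " + token, "Content-Type": "application/json"},
        method="POST",
    )
    with opener(req) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Constructed placeholders: Tenant A's tenant ID and one group object ID from Tenant A.
    policy = build_inbound_partner_policy(
        partner_tenant_id="00000000-0000-0000-0000-00000000000a",
        allowed_group_ids=["11111111-1111-1111-1111-111111111111"],
    )
    assert is_scoped_to_groups(policy)
    token = os.environ.get("GRAPH_TOKEN")
    if token:
        print(post_partner_policy(policy, token))
    else:
        print(json.dumps(policy, indent=2))  # dry run: show what would be sent
```

Run it once against Tenant B; a second POST for the same `tenantId` fails, so later changes go through PATCH on `.../partners/{tenantId}`. The `is_scoped_to_groups` check is the point of the exercise: the tenant-wide default settings in Tenant B still apply to every other tenant, so review them as well when you tighten the partner entry.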
You can invite users from Tenant A to Tenant B as guest users, which is a straightforward solution. If you’re dealing with a large number of users, consider using cross-tenant synchronization for a smoother process. Here are some resources that could help you out: [Add a guest user](https://learn.microsoft.com/en-us/entra/external-id/b2b-quickstart-add-guest-users-portal?WT.mc_id=studentamb_165290) and [Cross-tenant synchronization overview](https://learn.microsoft.com/en-us/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview?WT.mc_id=studentamb_165290).
I recommend setting up B2B in Entra. This will help you manage users between the tenants effectively.
That makes sense, especially if you frequently add users.