
Using Entitlement Management to Provide External Access to SharePoint Online

Azure Active Directory (Azure AD) entitlement management is an identity governance feature that enables organizations to manage identity and access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration.

Entitlement management allows your organization to manage access to groups, applications and SharePoint Online sites for internal users and users outside the organization, with controls like self-service requests, approval workflows and expiration policies. Entitlement management does this by creating and managing access packages, which are collections of resources grouped together so they can be requested in a single go.

Example of a Real-World Scenario

You are required to grant a partner company access to your SharePoint Online intranet. Specifically, this partner company requires access for 20 users to a Project Management subsite in your SPO intranet for the next 3 months. At a high level, an access package would be created to grant access for the 20 users to your SPO engineering subsite. The access package could be scoped to the partner company’s external domain to protect the access package from unauthorized use. You can then add time restrictions on the access so the partner company can only access the subsite for the next 3 months.

At a high level the following requirements would have to be defined for an access package:

  • What are you granting access to? For example, an SPO site, a library, etc.
  • Who or what domains require this access?
  • How long do they need this access for?

Once these requirements have been identified, a URL is generated when the access package is created. That URL is used to invite external users and grant access to a SharePoint Online site based on the resources specified in the access package.
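The check below is an added example, not code from the original post: it audits an access package policy against the "who" and "how long" requirements of the partner scenario. The field names (`allowedTargetScope`, `specificAllowedTargets`, `expiration`) are assumed to follow the Microsoft Graph access package assignment policy resource; the organization id and both sample policies are constructed.

```python
import re
from datetime import datetime, timezone

PARTNER_ORG = "00000000-0000-0000-0000-000000000001"  # constructed placeholder id

def duration_days(iso):
    """Upper-bound day count for a date-only ISO 8601 duration (P90D, P3M, ...)."""
    m = re.fullmatch(r"P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)W)?(?:(\d+)D)?", iso or "")
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {iso!r}")
    years, months, weeks, days = (int(g or 0) for g in m.groups())
    return years * 366 + months * 31 + weeks * 7 + days

def audit_policy(policy, partner_org_id, max_days, now):
    """Return findings for a policy that should serve one partner for a limited time."""
    findings = []
    scope = policy.get("allowedTargetScope")
    if scope != "specificConnectedOrganizationUsers":
        findings.append(f"scope {scope!r} is not limited to the partner organization")
    else:
        orgs = {t.get("connectedOrganizationId")
                for t in policy.get("specificAllowedTargets", [])}
        if orgs != {partner_org_id}:
            findings.append("allowed targets are not exactly the partner organization")
    exp = policy.get("expiration") or {}
    if exp.get("type") == "afterDuration":
        days = duration_days(exp.get("duration"))
    elif exp.get("type") == "afterDateTime":
        end = datetime.fromisoformat(exp["endDateTime"].replace("Z", "+00:00"))
        days = (end - now).days
    else:
        days = None  # noExpiration, notSpecified or missing
    if days is None:
        findings.append("assignments never expire")
    elif days > max_days:
        findings.append(f"assignments last {days} days, limit is {max_days}")
    return findings

# Constructed sample policies, not exported from a real tenant.
SCOPED = {"allowedTargetScope": "specificConnectedOrganizationUsers",
          "specificAllowedTargets": [{"connectedOrganizationId": PARTNER_ORG}],
          "expiration": {"type": "afterDuration", "duration": "P3M"}}
OPEN = {"allowedTargetScope": "allExternalUsers",
        "expiration": {"type": "noExpiration"}}

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name, pol in (("scoped", SCOPED), ("open", OPEN)):
        print(name, audit_policy(pol, PARTNER_ORG, 93, now))
```

Months are counted as 31 days, so a limit of 93 days accepts a three-month policy and flags anything longer.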

Entitlement Management Requirements

Entitlement management requires an Azure AD Premium P2 license.

License Limitations

Ensure that your directory has at least as many Azure AD Premium P2 licenses as you have:

  • Member users who can request an access package.
  • Member users who request an access package.
  • Member users who approve requests for an access package.
  • Member users who review assignments for an access package.
  • Member users who have a direct assignment to an access package.

For guest users, licensing needs will depend on the licensing model you’re using. However, the following guest user activities are considered Azure AD Premium P2 usage:

  • Guest users who request an access package.
  • Guest users who approve requests for an access package.
  • Guest users who review assignments for an access package.
  • Guest users who have a direct assignment to an access package.

Azure AD Premium P2 licenses are not required for the following tasks:

  • No licenses are required for users with the Global Administrator role who set up the initial catalogs, access packages, and policies, and delegate administrative tasks to other users.
  • No licenses are required for users who have been delegated administrative tasks, such as catalog creator, catalog owner, and access package manager.
  • No licenses are required for guests who have the privilege to request access packages but do not choose to request them.

Roy Polvorosa

Roy Polvorosa is an Imaginet Infrastructure Specialist that focuses on deploying and supporting Microsoft technologies. During his time at Imaginet, Roy has focused his infrastructure skills towards SharePoint, Office 365, and Azure cloud offerings. Roy has rich experience deploying and supporting clients that have multiple sites and a variety of support needs. Roy further extends his knowledge by supporting Imaginet internal developers and their variety of database and application servers needed to support 20+ simultaneous development projects.
