0
votes

I want to invite external users to access a few applications in my Azure AD tenant. I have used the Graph API to send bulk invites to the users. Now, in order to display the applications in the AD access panel for the users, I need to provide them access to the applications. I think the approach would be creating a group of guest users and assigning the group to the applications.

How can I add the guest users to a group while sending the invite?
Does the invitation API provide any optional parameter to add the invited user to a group?

Also, can I assign the application(s) permission to the guest user or a guest user group through the API at the time of sending the invitation?

Any code sample will help.

1 Answer

0
votes

Does the invitation API provide any optional parameter to add the invited user to a group?

No, there is no optional parameter to add the invited user to a group using the create invitation API.

The following is the REST API call to invite external users.

POST https://graph.microsoft.com/v1.0/invitations
Content-type: application/json
Content-length: 551

{
  "invitedUserEmailAddress": "[email protected]",
  "inviteRedirectUrl": "https://myapp.com"
}

You could also get more information about how to use this API from this SO thread. If C# code is possible, you could refer to this SO thread.

can I assign the application(s) permission to the guest user

Sure, we could use the following API to do that.

POST https://graph.windows.net/{tenantId}/directoryObjects/{userObjectId}/Microsoft.DirectoryServices.User/appRoleAssignments?api-version=1.6 

Body

{
"odata.type":"Microsoft.DirectoryServices.AppRoleAssignment",
"id":"ApplicationId",
"principalId":"userObjectId",
"principalType":"User",
"resourceId":"ServiceprincipalObjectId"
}

If C# code is possible, you could refer to this SO thread.
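Because the invitation call takes no group parameter, the two steps have to be chained: read `invitedUser.id` from the invitation response, then add that object to the group. The sketch below is an added example, not code from the original answer; it assumes the Microsoft Graph `POST /groups/{id}/members/$ref` endpoint (not shown on this page), an already acquired access token, and hypothetical function names and group id.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def graph_post(path, body, token):
    """POST JSON to Microsoft Graph; return the decoded body, or None if empty."""
    req = urllib.request.Request(
        GRAPH + path,
        data=json.dumps(body).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:  # raises HTTPError on 4xx/5xx
        raw = resp.read()
    return json.loads(raw) if raw else None

def invite_and_add_to_group(email, redirect_url, group_id, token, post=graph_post):
    """Invite a guest, then add the resulting guest user to an existing group."""
    invitation = post("/invitations",
                      {"invitedUserEmailAddress": email,
                       "inviteRedirectUrl": redirect_url}, token)
    # The invitation response carries the new guest's directory object id.
    user_id = (invitation or {}).get("invitedUser", {}).get("id")
    if not user_id:
        raise RuntimeError("invitation response has no invitedUser.id")
    # Membership is added as a reference to the directory object (assumed endpoint).
    post(f"/groups/{group_id}/members/$ref",
         {"@odata.id": f"{GRAPH}/directoryObjects/{user_id}"}, token)
    return user_id

def invite_many(emails, redirect_url, group_id, token, post=graph_post):
    """Bulk variant: record per-address failures instead of aborting the batch."""
    added, failed = {}, {}
    for email in emails:
        try:
            added[email] = invite_and_add_to_group(
                email, redirect_url, group_id, token, post)
        except Exception as exc:  # e.g. HTTPError for a rejected invite
            failed[email] = str(exc)
    return added, failed
```

Keeping guests in one dedicated group means application access is granted and revoked in a single place, rather than per invited user.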