Skip to content

Adding users to Azure Active Directory

In this topic, you will learn how to add a guest user to your Azure Active Directory (Azure AD) tenant. Azure AD allows you to invite external users to access specific resources or collaborate on your organization’s services.

Scenario

You need to invite a guest user to collaborate on a project within your organization. To do so, you need to create their account in your Azure Active Directory. You will guide the guest user through the process of accepting the invitation and gaining access to your organization's resources.

Prerequisites

To complete this scenario, you need the following:

  • A role that allows you to create users in your tenant directory, such as the Global Administrator role or a limited administrator directory role (for example, Guest inviter or User administrator).

  • Access to a valid email address outside of your Azure Active Directory tenant, such as a separate work, school, or social email address. You will use this email to create the guest account in your tenant directory and to access the invitation.

Add a new guest user in Azure Active Directory

  1. Sign in to the Azure portal with an account that's been assigned the Global administrator, Guest, Inviter, or User administrator role.

  2. Under Azure services, select Azure Active Directory (or use the search box to find and select Azure Active Directory).

    Azure AD

  3. Under Manage, select Users.

    Azure AD User

  4. Under New user, select Invite external user.

    External User

  5. On the New user page, select Invite user and then add the guest user's information.

    • Name: The first and last name of the guest user.
    • Email address (required): The email address of the guest user.
    • Personal message (optional): Include a personal welcome message to the guest user.
    • Groups: You can add the guest user to one or more existing groups, or you can do it later.
    • Roles: If you require Azure Active Directory administrative permissions for the user, you can add them to an Azure AD role.

    User Form

  6. Select Invite to automatically send the invitation to the guest user. A notification appears in the upper-right corner with the message 'Successfully invited user'.

  7. After you send the invitation, the user account is automatically added to the directory as a guest.

    User Added

Accept the invitation

Now sign in as the guest user to see the invitation.

  1. Sign in to your test guest user's email account.
  2. In your inbox, open the email from 'Microsoft Invitations on behalf of Contoso'.

    User Added

  3. In the email body, select 'Accept Invitation'. A Review permissions page opens in the browser.

    Consent Screen

  4. Select Accept.

  5. The My Apps page opens. Because we haven't assigned any apps to this guest user, you'll see the message 'There are no apps to show'.. In a real-life scenario, you would add the guest user to an app, which would then appear here."