Azure AD B2B Collaboration gives you the ability to collaborate with other organizations and people, even if they do not use Azure AD. The Azure AD Team recently improved the way that an external company can authenticate to your Azure AD using Google IDs. So, even if your external partners use Gmail accounts, you can successfully share apps and resources with them, without asking them to use Microsoft accounts. Google is actually the first identity provider that Azure AD supports.
If you want to read more about how Gmail accounts are supported, you can take a look at this article.
Today we have another announcement: the ability to use OTPs (one-time passwords) for your external partners, making B2B collaboration really easy with anyone that has an email account.
By using email OTP, anyone who doesn’t have a Microsoft or Google account can access shared resources, without the need to create a new account just for this. They can still use their existing account to log in to Azure AD and receive an OTP code via email. This code is then used during the authentication process. And if you really need it, you can also integrate and use Conditional Access and MFA.
Let’s take a look at how it works:
Since we want the whole process to be really secure, remember that each authenticated session lasts for 24 hours. After that, the user has to re-authenticate using a new OTP code. This means that external users need to verify again that they have access to the email address that they used the first time.
This is what your external users will get when they authenticate:
As soon as they receive the OTP code via email, they have to use it:
Do you need to know more? Take a look at the official documentation here.
Thanks for your time!