Guest Access Service
Azure business-to-business (B2B) allows you to securely share Office 365 (O365) data and collaborate across O365 applications with guest users from external organisations. This is achieved via a simple invitation and redemption process, allowing guests to use their own username and password to access NHSmail O365 services. This article provides detail around how the Azure B2B process works and how to set up guest user accounts.
* Guest access is provided for an initial 30 days, after which time, the guest may request an extension for an additional 180 days. These extension requests can be approved by Local Administrators using the My Approvals page on the NHSmail portal.
If the extension isn’t approved within 30 days of being generated, the guest account will be deleted, and the user will need to be re-invited.
For more details or to request a domain to be added to the allow list, please contact your Local Administrator.
The account requester will be responsible for liaising with their Local Administrator (LA) team for any access or permissions required.
Creating Guest Accounts
Manual Creation
The eligible guest inviter must complete the following steps in order to provide guests with O365 access:
To provide multiple (6+) guests with O365 access, please use the Bulk Uploads method as described in the next section.
Where you have greater than 10 users and want to replicate an external Azure Active Directory (AD) group into the NHSmail tenant, please follow this guide on Azure Federated Groups.
1. Log in to the NHSmail Portal and navigate to the Guest Access Select Add, then Add Guest Users.
2. Complete the required email field for each guest user that requires access and select Submit. Select + to add up to 5 guests.
If more guest users are required please see the bulk upload process in step 4.
3. Submitting this request will generate the following two automated emails:
a) To the requester providing a status update on the request
b) To the external guest with confirmation and account verification steps
4. After submitting, the portal will re-direct you to the View Guest Users screen and a success / fail notification will appear. You must refresh the page to see your additional guests.
5. After refreshing the page, the new users will be added to your ‘View Guest Users’ list as shown below.
Bulk Upload
The eligible guest inviter must complete the following steps to provide multiple (6 plus) guests with O365 access:
1. Log in to the NHSmail portal and navigate to the ‘Guest Access’ tab. Select Bulk Upload Guest Users.
2. Enter the guest user details into a CSV file to prepare for a bulk upload.
In order to view the Guest Access tab, you need to be part of an eligible guest inviter group which can be created (1 per organisation) under the Admin tab > Manage Eligible Guest Inviters. Eligible guest inviter permissions are provided by Local Administrators. Please speak to your Local Administrators, who will need to set you up with this permission before you can invite guests.
3. Select Browse / Upload to locate and attach the CSV file containing the guest user information.
4. Once uploaded, your file will be visible on the portal and ready for submitting. As with the manual upload process, both the inviter and guests will receive automated emails as shown in step 3 within the Manually Adding section.
5. After submitting, the Portal will re-direct you to the View Guest Users screen and a success / fail notification will appear. You must refresh the page to see your additional guests.
6. After refreshing the page, the new users will be added to your ‘View Guest Users’ list as shown below.
NOTE
If a Guest User is unable to locate their invitation and they are still in a Pending Invite status, users with the Guest Inviter role have the option to re-send the invitation. This button will be displayed once Guest User(s) are selected and is located alongside the other buttons at the top of the page.
Guest User Account – Activation
The guest user will need to complete their account set up. This will create a Microsoft account so that they can collaborate in O365:
1. The guest user will receive an email (to the email address provided by the eligible guest inviter) similar to the screenshot below. This confirms they have been invited as a guest user. They will need to select Get Started to create their account.
2. The guest user will be directed to the ‘Create account’ page. They must select Next.
3. The guest user will then need to create a password for the account. The password will need to be at least 8-characters. They will then need to select Next.
Guests who have an existing O365 account in Azure AD will be prompted to follow an account authentication process as opposed to the listed account creation steps – see the next section on Authentication for guidance on this.
4. The guest user will be asked for the Country / region they are in and their date of birth. Once entered, select Next.
5. The guest user will then need to verify their email address. A security code will be sent to their email address which they will need to enter in the box below. Select Next.
6. As part of additional account verification, they will be asked to enter the characters they see in the box below and then select Next.
7. Finally, the guest user will need to review and Accept the below permissions. Once the account has been created, NHSmail O365 users will be able to search for and collaborate with the newly created guest user account.
Authentication
If a user has an existing O365 account in Azure AD then they will need to complete the following authentication process enabling them to collaborate in O365:
1. The guest user will receive an email (to the email address provided by the eligible guest inviter) similar to the screenshot below. This confirms they have been invited as a guest user. They will need to select Get Started to verify / create their account.
2. If a user already has an account, the user will need to select the profile to sign in. Select – enter credentials to log into account.
3. Finally, the guest user will need to review and Accept the below permissions. Once the account has been authenticated, NHSmail O365 users will be able to search for and collaborate with the newly created guest user account.
Please Note: If a user has the Guest Inviter and B2B Approver role for a particular organisation, then they will only be able to add/re-invite/restore/delete guest users for that organisation.
Further guidance is available on Guest Access Extention process.
| Last Reviewed Date | 03/03/2023 |
