Guest Partnering Agreement guidance


The NHSmail Guest Access process is designed to enable collaboration between NHSmail organisations and their external partners whilst maintaining the integrity and security of the NHSmail shared tenant for all organisations.

For a full overview of Guest Access capabilities and the end-to-end Guest Access process refer to the Introduction to Guest Access page.

Guest Partnering Agreement

The Guest Partnering Agreement forms a key part of the new Guest Access process.


Guest Organisation – organisation outside NHSmail that the Requestor Organisation wishes to collaborate with.

Requestor Organisation – NHSmail organisation that wishes to collaborate with an external partner via Guest Access.

Guest Partnering Agreement (GPA) – a formal document outlining the responsibilities of the Requestor and Guest Organisations in relation to the provision of Guest Access.

Data Security Protection Toolkit (DSPT) – completion of the DSPT is required for the Guest Organisation to meet the criteria for Guest Access. Further information on DSPT requirements by organisation type can be found on the DSPT information site.

ODS code – Organisational Data Services code. Required for the Guest Organisation to meet the criteria for Guest Access and complete the DSPT. Codes can be requested via the ODS team.

Authorised Signatory – the person authorised to sign the GPA on behalf of the Requestor/Guest Organisation. For Guest Access, this should be someone at Director level at both the Requestor Organisation and Guest Organisation respectively.

Single Point of Contact (SPOC) – a person or department serving as the co-ordinator or focal point for information. For Guest Access, this should be the person or department responsible for raising Azure B2B allow listing requests for Guest Access.

Guest Access – Guidance and Process Flow

High-level Guest Access process

External partners who wish to collaborate with an NHSmail organisation must:

  • Find an NHSmail organisation to act as sponsor for the Azure B2B allow list request
  • Agree with the NHSmail sponsor that this organisation will act as the Requestor Organisation for the GPA
  • Have their own ODS code
  • Have a completed DSPT submission

The process begins with the Requestor Organisation raising an Azure B2B allow list request for the Guest Organisation’s external domain.

If the external domain meets the initial review criteria, the NHSmail Feedback team will respond to the Requestor Organisation via the Azure B2B allow list notification with a copy of the GPA and details of the additional criteria that Guest Organisations must adhere to.

Once completed and signed, the GPA, along with supporting evidence that the Guest Organisation meets the other required criteria, should be returned to the NHSmail Feedback team. This will be reviewed and, if successful, the external domain will be approved and added to the allow list.

The process then reverts to the Requestor Organisation to set up an Eligible Guest Inviter group and create guest access accounts for the relevant members of the Guest Organisation.

Last Reviewed Date 25/04/2023


Updated on 25/04/2023
