Using Azure B2B integration
Sophos ZTNA integrates with Azure B2B (Business to Business) to provide an easy way to manage guest users and user groups and control their access to your apps.
Here are some of the features that Azure B2B integration offers.
If you follow the steps in this guide, you'll have these features.
You can use Azure Active Directory (Azure AD) to give access to users outside the organization.
Guest users don't need credentials within the main organization to access apps. Azure AD supports email IDs from Gmail, Yahoo, and others.
Azure AD handles the complete authentication process. Neither your organization nor the guest users need to do anything.
Guest groups always up to date
If you've set up ZTNA as described in Setup, any change you make in your user groups in Azure AD is synchronized automatically with Sophos ZTNA. This ensures that guest users don't retain their access after you remove them.
Azure B2B integrations offer advanced features for more flexible access control. Follow our links to Azure documentation to find out more.
Azure AD supports multi-factor authentication (MFA). The following types of MFA are available.
- Microsoft Authenticator app
- Windows Hello for Business
- OATH token (hardware and software)
- FIDO2 security key
- Voice call
You can create a self-service sign-up user flow for external users. You can use APIs to set it up.
See Self-service sign-up.
Independent access control
Using Azure AD helps app owners and group owners to manage access independently. They can add users for their own app without giving access to other apps in the organization.