
Using Azure B2B integration

Sophos ZTNA integrates with Azure B2B (Business to Business) to provide an easy way to manage guest users and user groups and control their access to your apps.

Here are some of the features that Azure B2B integration offers.

Main features

If you follow the steps in this guide, you'll have these features.

External identities

You can use Azure Active Directory (Azure AD) to give access to users outside the organization.

Guest users don't need credentials within the main organization to access apps. Azure AD supports email IDs from Gmail, Yahoo, and others.


Azure AD handles the complete authentication process. Neither your organization nor the guest users need to do anything.

Guest groups always up to date

If you've set up ZTNA as described in Setup, any change you make in your user groups in Azure AD is synchronized automatically with Sophos ZTNA. This ensures that guest users don't retain their access after you remove them.

Advanced features

Azure B2B integration offers advanced features for more flexible access control. Follow our links to Azure documentation to find out more.

Multi-factor authentication

Azure AD supports multi-factor authentication (MFA). The following types of MFA are available.

  • Microsoft Authenticator app
  • Windows Hello for Business
  • OATH token (hardware and software)
  • FIDO2 security key
  • Voice call
  • SMS

See Secure user sign-in events with Azure AD Multi-Factor Authentication.

Self-service sign-up

You can create a self-service sign-up user flow for external users. You can use APIs to set it up.

See Self-service sign-up.

Independent access control

Using Azure AD helps app owners and group owners to manage access independently. They can add users for their own app without giving access to other apps in the organization.

See How users in your organization can invite guest users to an app.