Using Azure B2B integration
Sophos ZTNA integrates with Azure B2B (Business to Business) to provide an easy way to manage guest users and user groups and control their access to your apps.
Here are some of the features that Azure B2B integration offers.
Main features
If you follow the steps in this guide, you'll have these features.
External identities
You can use Azure Active Directory (Azure AD) to give access to users outside the organization.
Guest users don't need credentials within the main organization to access apps. Azure AD supports email IDs from Gmail, Yahoo, and others.
Authentication
Azure AD handles the complete authentication process. Neither your organization nor the guest users need to do anything.
Guest groups always up to date
If you've set up ZTNA as described in Setup, any change you make in your user groups in Azure AD is synchronized automatically with Sophos ZTNA. This ensures that guest users don't retain their access after you remove them.
Advanced features
Azure B2B integration offers advanced features for more flexible access control. Follow our links to Azure documentation to find out more.
Multi-factor authentication
Azure AD supports multi-factor authentication (MFA). The following types of MFA are available.
- Microsoft Authenticator app
- Windows Hello for Business
- OATH token (hardware and software)
- FIDO2 security key
- Voice call
- SMS
See Secure user sign-in events with Azure AD Multi-Factor Authentication.
Self-service sign-up
You can create a self-service sign-up user flow for external users. You can use APIs to set it up.
See Self-service sign-up.
Independent access control
Using Azure AD helps app owners and group owners to manage access independently. They can add users for their own app without giving access to other apps in the organization.
See How users in your organization can invite guest users to an app.