Skip to content

Add guest users

You use Azure AD to add guest users. These users can use standard email addresses, for example Gmail or Yahoo addresses, to sign in.

This section describes how to add guest users individually. You can also add users in bulk. See Add guest users in bulk.

To add a guest user, do as follows:

  1. In the Azure AD dashboard, click Users.

  2. Click New guest user.

    Screenshot of Users page

  3. On the New user dialog, do as follows:

    1. Ensure that Invite user is selected.
    2. Enter the username and email address.
    3. In Personal message, tell the user the URL of your ZTNA user portal (the FQDN of your ZTNA gateway)
    4. In Groups and Roles, click the "0 groups selected" link. In the new window that opens, pick the guest user group you created earlier, and click Select.
    5. Click Invite.

    Azure AD starts the authentication process.


    Ensure that the guest user group is synchronized with Sophos Central.

    Screenshot of New user dialog

  4. The user receives an email invitation in their inbox. They click Accept invitation to access resources.

    Screenshot of email invitation

  5. The user is prompted to sign in to the Microsoft directory. They can sign in with the corporate username and password they use in their own organization.

    If for any reason they don't have an account, they can create an account with a new password.

    Screenshot of Microsoft sign-in screen

  6. After the user signs in, they see the default Microsoft portal.

    They can now go to your ZTNA user portal and access apps assigned to their user group. Alternatively, they can enter an app name directly in their browser to access it.

    Screenshot of user portal