Use Case

Let in a set of Vendor Engineers into your Azure Subscription (typically with GLOBAL READER permissions)

Steps in Entra and in Azure

  1. Set up SSO using the vendor’s email id as the UUID.
  2. Grant them GUEST User licenses – into your Entra Tenant
  3. Put all these VENDOR GUESTS into a single AAD User Group.
  4. Now use RBAC to grant this user group Azure resource permissions.