Configuring Sponsors for Guest User (B2B) and External Member (B2B)
The sponsor feature helps manage B2B users in your directory by tracking who is responsible for each guest user. While entitlement management can monitor guests from certain domains, it does not cover guests outside of these specific areas. With the sponsor feature, you can assign a person or group to every guest user, which helps track who invited them and promotes accountability.
The Sponsors field on the user object identifies the person or group tasked with managing and overseeing the user's lifecycle, ensuring they have the correct access to resources. Being a sponsor does not confer administrative powers to the sponsor user or group. However, it can be utilized for approval processes in entitlement management and for custom solutions, but it provides no other built-in directory powers.
Supported Features
Aggregation and provisioning of sponsors for Guest User (B2B) and External Member (B2B).
Adding Sponsors to the Source
To use this feature, you must manually add the sponsor attributes to the Account Schema for the Microsoft Entra source.
|
Attribute |
Type |
Read/Write |
Description |
|---|---|---|---|
|
|
String (multi-valued) |
Read-only |
Returns each sponsor as a JSON object containing |
|
|
String (multi-valued) |
Read + Write |
Returns and accepts the UPN of each user-type sponsor. For example, |
|
|
String (multi-valued) |
Read + Write |
Returns and accepts the Object ID of each group-type sponsor. |
Note
To provision sponsors, use sponsors.users for user-type sponsors and sponsors.groups for group-type sponsors. The sponsors attribute is read-only and cannot be used for provisioning.
For more information, refer to Editing an Account Schema.
Provisioning
When provisioning a Microsoft Entra user as a sponsor, add the sponsors.users attribute to the Account Schema and provide the user's User Principal Name (UPN). For example, someone@example.com.
When provisioning a Microsoft Entra group as a sponsor, add the sponsors.groups attribute to the Account Schema and provide the group's Object ID.
Both attributes support Add, Remove, and Set operations. A Set operation on sponsors.users replaces only the user-type sponsors, leaving any group sponsors intact, and vice versa for sponsors.groups.