How to roll out guest account management in your org

Hello, EasyLife! Since the beginning of this year, EasyLife has supported life cycle management for guest accounts in your Azure Active Directory. Over the past months, we worked with various partners and customers during the rollout of this feature and developed an easily workable approach for organizations of different sizes along the way.

Getting started

If you haven't done so, now is the time to enable guest account management and update EasyLife's permissions.

As soon as the feature is enabled, you will see buttons for Guest Accounts under both Templates and Policies in the EasyLife cockpit.

Create a guest account policy

Create a policy for your guest accounts. This policy will be assigned to new guest accounts that are invited through EasyLife. You can find more information about guest account policies in the docs.

Create a rollout policy

Create another policy with the following minimal configuration. You will assign this policy to any existing guest accounts. This policy will try to find an owner for existing accounts using EasyLife's auto-heal feature and subsequently ask the owner to assign a template to their guest accounts.

In the EasyLife cockpit, go to Policies, then Guest Accounts. Click Create a policy. In the Details tab, give the new policy a name such as Rollout Policy and set it to Active.

Click on Ownership and check the box next to Audit log under Auto Heal. Uncheck the box next to Notify new owners when assigned. Under Escalations, enter an email address that will be notified if auto-heal can't identify an owner.

Click on Guest Template and enable the policy by checking the box next to Enable policy. Set the Trigger to 0, and add an email address under Actions.

Click Save changes to create the policy.

Create a guest account template

Create a template for your guest accounts. Your users will use this template to invite new guest accounts using the EasyLife app. You can find more information about guest account templates in the docs.

Ready for new guests!

Nice, you are almost done. Your users can invite new guest accounts using the template you just created. The guest account policy will automatically be attached to all newly invited guest accounts, ensuring they follow your governance. Now let's bring existing guest accounts into our governance, too.

How to clean up existing guest accounts and bring them under management?

Easy! That's what we will use the rollout policy for. Just assign the rollout policy to an existing guest account through the Manage tab in the EasyLife cockpit to try it out.

Here's what's going to happen:

  1. As soon as you assign the policy, EasyLife's auto-heal feature will try to assign an owner to the guest account.
  2. During the next policy cycle (overnight), the owner will be notified about the assignment and asked to select a template for their guest account.
  3. EasyLife will help the owner fill in the required information, such as first and last name, company name, and any other attributes defined as mandatory in the template.
  4. Once the owner fills in the information, EasyLife updates the data in your Azure AD and assigns the template's policy to the guest account.
  5. Done! We just updated your existing guest account, keeping your Azure AD nice and tidy and ensuring it follows your governance.

Please inform your users about the rollout before using the EasyLife cockpit to assign the rollout policy to existing guest users. In larger organizations, we have used an Automation Runbook to assign the rollout policy to existing guest accounts in batches.
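One way to prepare such batches, as an added example that is not EasyLife's runbook or code from this article: it lists existing guest accounts with Microsoft Graph PowerShell and writes them into fixed-size CSV batches for review before the rollout policy is assigned. The batch size, output folder and a managed identity with User.Read.All are assumptions; the assignment itself is not shown because the article describes no API for it.

```powershell
# Added example (not EasyLife code): split existing guest accounts into rollout batches.
# Assumptions: Microsoft.Graph.Users is installed; the runbook's managed identity
# has User.Read.All; $BatchSize and $OutDir are illustrative values.
param(
    [ValidateRange(1, 1000)][int]$BatchSize = 50,
    [string]$OutDir = (Join-Path $PWD 'guest-rollout-batches')
)

Import-Module Microsoft.Graph.Users
# Interactive alternative: Connect-MgGraph -Scopes 'User.Read.All'
Connect-MgGraph -Identity | Out-Null

# Only the fields needed to review a batch and to inform affected users beforehand.
$props = 'id', 'userPrincipalName', 'mail', 'displayName',
         'createdDateTime', 'externalUserState', 'accountEnabled'

# @() keeps .Count and indexing correct when zero or one guest is returned.
$guests = @(Get-MgUser -All -Filter "userType eq 'Guest'" -Property $props |
    Sort-Object CreatedDateTime)

if ($guests.Count -eq 0) {
    Write-Output 'No guest accounts found; nothing to batch.'
    return
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$batchNo = 0
for ($i = 0; $i -lt $guests.Count; $i += $BatchSize) {
    $batchNo++
    $last  = [Math]::Min($i + $BatchSize, $guests.Count) - 1
    $batch = @($guests[$i..$last])
    $file  = Join-Path $OutDir ('batch-{0:D3}.csv' -f $batchNo)

    $batch |
        Select-Object Id, UserPrincipalName, Mail, DisplayName,
                      CreatedDateTime, ExternalUserState, AccountEnabled |
        Export-Csv -Path $file -NoTypeInformation -Encoding UTF8

    # Guests who never redeemed their invitation are worth reviewing before assignment.
    $pending = @($batch | Where-Object ExternalUserState -eq 'PendingAcceptance').Count
    Write-Output ('Batch {0}: {1} guests ({2} pending acceptance) -> {3}' -f
        $batchNo, $batch.Count, $pending, $file)
}
```

Oldest accounts land in the first batch because the list is sorted by creation date; each CSV doubles as the list of accounts whose owners should hear about the rollout first.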

Please contact us if you have questions or require assistance during your rollout.

Thanks for reading!
