
Azure Bastion: Allow invited user to login to Azure VM


I have created an Azure VM in a VNet. The VM doesn't have any public IP, so the only way to log in is through Azure Bastion Host.

I have invited an external user and provided them the "Virtual Machine user login" access for the VM.

When the user is trying to connect to the VM using Bastion, no field is displayed on the Bastion page.

Can anyone please help me to understand what can be the possible reason for this? Also, what permission do I need to provide to the user to log in to the VM using Bastion Host successfully?


Solution

  • The Azure Bastion article shared by @Mr. Annonymous in the comment section has helped me to resolve the issue.

    Link of the article: https://viniciusdeschamps.com.br/grant-access-to-virtual-machine-using-azure-bastion/

    Steps in summary:

    1. Provide the "Virtual Machine User Login" role to the invited user for the Virtual Machine.
    2. Provide the "Virtual Machine User Login" role to the invited user for the Network Interface Card (NIC) used with the Virtual Machine.
    3. Provide the "Reader" role to the invited user for the Azure Bastion Host used to connect to the Virtual Machine.

    Thanks @Mr. Annonymous
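
The three assignments from the steps above, scripted with the Azure CLI as an added example (not part of the original answer or the linked article). The resource group, VM and Bastion names are placeholders passed as arguments, and each role is scoped to the single resource ID rather than to a resource group or subscription.

```shell
#!/bin/sh
# Added example: per-resource role assignments for Bastion login by an invited user.
# Function names are illustrative; every resource name is supplied by the caller.

# Resolve the ARM resource IDs that the three assignments are scoped to.
vm_id()      { az vm show -g "$1" -n "$2" --query id -o tsv; }
nic_id()     { az vm show -g "$1" -n "$2" \
                 --query 'networkProfile.networkInterfaces[0].id' -o tsv; }
bastion_id() { az network bastion show -g "$1" -n "$2" --query id -o tsv; }

# assign ROLE SCOPE ASSIGNEE: one role assignment at exactly the given scope.
assign() {
  az role assignment create --assignee "$3" --role "$1" --scope "$2" --output none
}

# grant_bastion_login ASSIGNEE VM_RG VM_NAME BASTION_RG BASTION_NAME
# The body runs in a subshell so its variables do not leak into the caller.
grant_bastion_login() (
  who=$1
  vm=$(vm_id "$2" "$3")       || exit 1
  nic=$(nic_id "$2" "$3")     || exit 1
  bas=$(bastion_id "$4" "$5") || exit 1

  # Stop if any lookup came back empty rather than passing an empty --scope.
  if [ -z "$vm" ] || [ -z "$nic" ] || [ -z "$bas" ]; then
    echo "could not resolve a resource ID; nothing assigned" >&2
    exit 1
  fi

  # Steps 1-3 of the answer, in order; a failure stops the chain.
  assign "Virtual Machine User Login" "$vm"  "$who" &&
  assign "Virtual Machine User Login" "$nic" "$who" &&
  assign "Reader"                     "$bas" "$who"
)

# Run only when called with the five expected arguments.
if [ "$#" -eq 5 ]; then
  grant_bastion_login "$@"
fi
```

For a VM with more than one NIC, only the first interface is covered here; repeat the NIC assignment for the interface Bastion connects through.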