Third party user access to Azure environment

Question

I have an requirement where I need to give access to Azure subscription and resources to third party company. basically we are outsourcing the work to them. I am looking for the best possible way to do it.

is it possible to add the third party team as the guest uses to the Azure subscription/resource group and give them contribute permission? Or there is any other way in terms of security to provide the access to third party users.

Answer 1

is it possible to add the third party team as the guest uses to the Azure subscription/resource group and give them contribute permission?

You provide the access to a third-party company for Azure subscription or resources, add the third-party team as guest users in Azure Active Directory and grant them appropriate permissions by following steps.

1. Invite the external user to Azure AD

2. Create a Dynamic Group for moving all external user to that group automatically based on condition.

Ex: user.userType -contains "Guest or Company name = "your company name"

3. Assign the role to the group on the Azure subscription or resource group.

Note: Assign the role to the group on the Azure subscription or resource group.

4. External users are successfully moved to that group based on the condition.

5. The Contributor role has been assigned at the Subscription scope.

6. Once you provide access to external users, all external users can access Azure resources.

Refer: Assign Azure roles to external guest users using the Azure portal for more details.