Possibility to have a different Entra ID Tenant for external users

Hi,

A while ago, we evaluated Nerdio MSP and now we’re planning to use NMM for our production environment.

We really like the possibility to allow our customers to access their own account and use Nerdio to manage their AVD environment. Due to some security restrictions, we’re not allowed to create external guest accounts within the tenant which hosts NMM.

If I got that right, having guest accounts however is a requirement for this feature.

 

So, my question is if there’s any workaround for this? Is it maybe possible to have a second Entra ID Tenant (where guest access is allowed), to manage identity for external users?

 

Regards,

Philipp


Comments (2 comments)

Gido Veekens

Hi Philipp.

Interesting question. Nerdio Manager is tightly integrated with the tenant that hosts the App Service. Adding a second tenant will add a lot of complexities. Think of application permissions, authentication, RBAC, etc. It's currently not on our roadmap, but I've added it to our backlog to consider and investigate the feasibility.

In the meantime, my suggested approach is to make sure that NMM is deployed to a subscription in a tenant which allows guest use for this scenario to work. Before taking the existing install into production, please consider introducing a secondary tenant with a subscription to deploy a new NMM install and use that instead. Since you mention that you are preparing production use, I'm assuming no customer impact is to be expected yet. This way, there will be no dependency on the tenant that has limited guest use configured. I hope this helps.

Philipp Mair

Hi Gido,

Thanks for your response. I already thought that this won't be so easy to implement and maybe it won't even make sense...

I'm not sure, however, if I understood your suggestion right. Do you mean that we should just keep 2 NMM installs (1 tenant with guest users and 1 without)?
