Azure Active Directory (Azure AD) is making it easier to collaborate with external users (guests) by supporting email one-time passwords.

This new capability (in preview) allows external users (guests) to sign in and authenticate against your Azure AD using a one-time password (OTP) sent by email when they do not already have a Microsoft corporate account (Azure AD), a Google ID or a Microsoft personal account (MSA).

Each time such a guest needs to authenticate and access your Azure AD, they will receive an email containing the one-time password to use for authentication.

NOTE: once the ‘email OTP’ guest has been authenticated, they can stay logged in for 24 hours before having to authenticate again.

You can even apply additional security layers by using conditional access and/or multi-factor authentication (MFA).

To enable this new capability, open your Azure AD administration portal (https://aad.portal.azure.com/) or your Azure administration portal (https://portal.azure.com) and go to the Azure Active Directory\Organizational relationship configuration blade.

Then open the Settings configuration blade and enable the new ‘Email One-Time Password for guest’ option.

When the external user redeems the invitation, they are notified that a code will be sent to their email address.