How to Add a Connected Organization in Microsoft Entra  

When collaborating with external partners, vendors, or clients, providing them access to internal resources, like SharePoint sites or applications, can quickly become complicated. Microsoft Entra Entitlement Management solves this with Connected Organizations, a feature that simplifies how external users request and access your resources. 

A connected organization is essentially a representation of a partner’s identity source (like their Microsoft Entra tenant or a domain) within your directory. By setting them up, you make it easier for their users to request access packages without needing to invite every single person manually.  

I’ll walk through what connected organizations are, when to use them, and how to add and manage one in the Microsoft Entra admin center. 

What Is a Connected Organization? 

A connected organization establishes a relationship between your Microsoft Entra directory and another organization. For their users to access your resources (like SharePoint Online sites or applications), they need a user object in your directory. Entitlement management handles this by bringing them in as B2B guest users on demand when they request an access package. 

There are four ways to define which users belong to a connected organization:  

  1. Users in another Microsoft Entra directory (from any Microsoft cloud). 
  2. Users from a non-Microsoft directory configured with SAML or WS-Fed identity provider federation. 
  3. Users with a shared email domain, such as all users with addresses ending in @contoso.com. 
  4. Users with Microsoft Accounts (MSA), like those ending in @live.com, when collaboration is needed with individuals not tied to a single organization. 

To make this practical, suppose your company, DashGens, wants to collaborate with two partners, Contoso and Graphic Design Institute:

  • Contoso doesn’t use Microsoft Entra ID; its users have email addresses ending with @contoso.com. 
  • Graphic Design Institute uses Microsoft Entra ID, and their users have principal names ending with @graphicdesigninstitute.com. 

In this case, you can create two connected organizations, one for each partner, and then set up a single access package that both can use to request access to your shared resources.

This approach saves time, ensures consistent access management, and provides a clear governance model for external collaboration. 

How to Add a Connected Organization in Microsoft Entra ID 

You must sign in to the Microsoft Entra admin center as at least an Identity Governance Administrator. Follow these steps to add a connected organization in the Microsoft Entra admin center. 

  1. Sign in to the Microsoft Entra admin center and browse to ID Governance > Entitlement management > Connected organizations.
  2. Click Add connected organization.
  3. Under the Basics tab, enter a Display Name and Description for the organization (for example, Contoso External Collaboration).
  4. The State will default to Configured. This means the organization is ready for use.
  5. Switch to the Directory + domain tab and select Add directory + domain.
  6. In the search box, type the external organization’s domain, for example, contoso.com. You must enter the entire domain name.
     • Microsoft Entra will detect if that domain is linked to an existing Entra tenant.
     • If it finds one, the Authentication type will be Microsoft Entra ID.
     • If not, users will authenticate using email one-time passcodes.
  7. Select Add, then Select to confirm. You can add multiple directories or domains here.

Note: The authentication type is critical. Microsoft Entra ID allows any user from that tenant (and its verified domains) to request access. One-time passcode (domain) only allows users with an email from that specific domain to request access after authenticating with a passcode.

  8. Add Sponsors (Optional but Recommended)
     • Sponsors are points of contact who manage the relationship with that organization.
       • Internal sponsors – Members from your organization.
       • External sponsors – Guest users from the connected organization who were previously invited.
     • Add sponsors through the Sponsors tab. They can also act as approvers when external users request access packages.
  9. Review and Create Tab: Review all your settings for the new connected organization, and click Create.

 Your connected organization is now configured! 

How to Use the Connected Organization 

Once created, you can use the connected organization when configuring an Access Package Assignment Policy. When setting the policy for users not yet in your directory, select the option for Specific connected organizations and choose the ones you just created.  

This ensures that only individuals whose identity source matches one of your specified connected organizations are able to request the access package, giving you fine-grained control over external collaboration. 
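
To make the scoping difference from the authentication-type note and the "Specific connected organizations" policy concrete, here is an added Python model (not code from the original article or from Microsoft). It is a simplified reading of the matching rules described above, not Entra's implementation; the tenant ID, the `gdi-labs.example` domain and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data for the DashGens scenario; the tenant ID is made up.
GDI_TENANT = "00000000-0000-0000-0000-0000000000aa"

@dataclass(frozen=True)
class IdentitySource:
    kind: str    # "tenant" (Microsoft Entra ID) or "domain" (email one-time passcode)
    value: str   # tenant ID for "tenant", DNS domain name for "domain"

@dataclass(frozen=True)
class Requester:
    email: str
    home_tenant: Optional[str] = None   # None: no Microsoft Entra home tenant

CONNECTED_ORGS = {
    "Contoso": [IdentitySource("domain", "contoso.com")],
    "Graphic Design Institute": [IdentitySource("tenant", GDI_TENANT)],
}

def email_domain(email: str) -> str:
    # Compare the whole domain after the last "@", never a string suffix,
    # so "notcontoso.com" is not mistaken for "contoso.com".
    local, sep, domain = email.rpartition("@")
    return domain.strip().lower() if sep and local else ""

def source_matches(src: IdentitySource, user: Requester) -> bool:
    if src.kind == "tenant":
        # A tenant source admits every user homed in that tenant, whichever
        # of the tenant's verified domains their address uses.
        return user.home_tenant is not None and user.home_tenant == src.value
    if src.kind == "domain":
        # A domain source admits only addresses in that exact domain.
        return email_domain(user.email) == src.value.lower()
    return False

def matching_orgs(user: Requester, allowed: list[str]) -> list[str]:
    """Connected organizations named in the policy that the requester belongs to."""
    return [name for name in allowed
            if any(source_matches(s, user) for s in CONNECTED_ORGS.get(name, []))]

def can_request(user: Requester, allowed: list[str]) -> bool:
    return bool(matching_orgs(user, allowed))
```

The practical takeaway when reviewing a policy: a tenant-backed connected organization is scoped by tenant membership rather than by the domain you typed, so confirm which domains that partner tenant covers before listing it on an access package.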

Connected organizations are a powerful way to manage external access efficiently and securely. By setting them up in Microsoft Entra Entitlement Management, you can streamline collaboration without losing control over who gets in and how. 
