Skip to main content

πŸ” Granting Access to Neo Agent for External (Guest) Users

Sometimes, you may want to give access to Neo Agent to an external user, such as a contractor or third-party support engineer. This guide explains how to add them as a Guest User in your Microsoft Entra ID (formerly Azure AD) tenant and limit their access so they can only use the Neo Agent web app.

βœ… Step 1: Add External User as a Guest in Azure AD​

  1. Go to the Microsoft Entra admin center:
    πŸ‘‰ https://entra.microsoft.com

  2. In the left-hand menu, navigate to:
    Identity > Users > All users

  3. Click on the arrow next to the New user button and select Invite external user

  4. Fill out the form:

    • Display Name: Full name of the user
    • Email: External email address (e.g., Gmail, or another company domain)
    • You may optionally personalize the invitation message.

  5. Click Invite

Inviting an external user in Microsoft Entra ID

βœ… Step 2: Assign Guest User to the Neo Agent App​

  1. In the Entra Admin Center, go to:
    Applications > Enterprise applications

  2. Search for Neo Agent, and click into the app.

    • Application ID: 3da03a86-b850-4c07-96e5-7590022efe11

  3. Go to:
    Users and groups > Add user/group

  4. Select the newly added guest user.

  5. (Optional) If you've defined App Roles in your Neo Agent App Registration (e.g., Viewer, Admin), assign the appropriate role here.

  6. Click Assign

Assigning guest user to Neo Agent app in Microsoft Entra ID

βœ… Step 3: Restrict Access to Everything Else (Optional but Recommended)​

When you invite a guest user (external user) into your Microsoft Entra ID tenant, they have zero access by default to your resources.

To ensure the guest user only accesses Neo Agent:

  • Do not assign them to any other Azure groups or roles.
  • Avoid assigning any Azure roles like Contributor or Reader.

βœ… Step 4: Let the Guest User Log In​

The guest user will receive an invite email from Microsoft. Once accepted, they can:

  1. Sign in to the Neo Agent web app via your standard login URL: πŸ‘‰ https://dashboard.neoagent.io
  2. Use Microsoft OAuth just like your internal users.

If they encounter an "Access Denied" error:

  • Verify they accepted the invite.
  • Check that they are assigned to the Neo Agent enterprise app.
  • Review Conditional Access policies that may block them.

❓ FAQ​

Q: Can I use a Gmail or Outlook address for the guest user?
βœ… Yes. Microsoft Entra supports any email via its B2B system. If the user doesn’t have a Microsoft account, they'll be prompted to create one.

Q: Can I revoke access later?
βœ… Yes. You can:

  • Remove them from the Neo Agent application.
  • Delete the user entirely from your directory if needed.