Associated Engineering Manages Projects with Office 365 and Azure AD B2B

​​Associated Engineering (www.ae.ca) is a uniquely Canadian and award-winning consulting firm providing services in planning, engineering, environmental science, landscape architecture, project management, and asset management. Established in Edmonton more than 70 years ago, today Associated Engineering has around 900 staff in 21 offices across Canada. Some of their projects include planning, studies, assessments, design, construction, training, and operational assistance.

For just one of our projects, we are responsible for providing 150 people across 15 organizations with a stable, shared online workspace for the next 7 years. If, for any reason, the site fails and causes work stoppage, we incur significant financial penalties. We’ve partnered with Envision IT and Microsoft’s Office 365 to ensure this never happens.

​As a consulting company, a large part of Associated Engineering's engineering and environmental consulting services involve working with external parties (clients, contractors, agencies, and others). AE cooperates on projects of various sizes and durations. This requires efficient collaboration and communication between teams, which can span many disciplines through the course of a project.

Providing access to these external teams in a secure and sustainable manner was a constant challenge, involving both the business and IT in an overly complicated process.

Like many organizations, AE started their SharePoint experience with a pilot project that quickly became production. This became the home to many project sites, including the company's largest ever multi-year construction project, with hundreds of external users. Lacking high availability and disaster recovery, this presented significant risk to the organization.

Access for the external teams was provided through a combination of Extranet User Manager's and Microsoft's Azure AD B2B. Azure AD B2B was used to provide the following:

  • Invitation process to invite external partners into the Office 365 SharePoint Online sites
  • Partners use their own Azure AD credentials, or if they don't have any, they are provisioned as part of the invitation process by Microsoft
  • No additional licensing is needed for the external users
  • Standard SharePoint permissions can be used to manage access to the SharePoint sites

This is then further extended by Extranet User Manager:

  • EUM provisions one or more Azure AD groups for each SharePoint site
  • Site owners are made owners of the EUM groups
  • This allows delegation of the invitation process to the site owners, without giving them full control of the SharePoint site
    • This then results in effective governance within SharePoint
  • A friendly user and group management portal in EUM, with full auditing
  • Invitation experience is fully customized by EUM

In addition to the above, a highly available and scalable solution was rolled out on the Office 365 platform, utilizing SharePoint Online. A site request form, automated provisioning (including automation of EUM), and a projects landing page were all part of the solution. More details on the project sites and their provisioning is available on the Envision IT website.