Skip to main content

Enabling guest collaborators

You can use the role of guest collaborator to grant limited access to vendors and contractors in your enterprise.

About guest collaborators


  • The guest collaborator feature is currently in public beta and subject to change.
  • The guest collaborator role is only available with Enterprise Managed Users.

If your enterprise uses Enterprise Managed Users, you can use the role of guest collaborator to grant limited access to vendors and contractors. For more information, see "Roles in an enterprise."

All repository access for organization members, including guest collaborators, is governed by the base permission policy for the organization. For more information, see "Setting base permissions for an organization."

If you use Microsoft Entra ID (previously known as Azure AD) or Okta for SAML authentication, or if you use Entra ID for OIDC authentication, you may need to update your IdP application to use guest collaborators.

Enabling guest collaborators with Entra ID

  1. Sign into the Microsoft Azure portal.

  2. Click Identity.

  3. Click Applications.

  4. Click Enterprise applications.

  5. Click All applications.

  6. View the details for your Enterprise Managed Users application

  7. In the left sidebar, click Users and Groups.

  8. View the application registration.

    • If the application registration displays the "Restricted User" or "Guest Collaborator" roles, you're ready to invite guest collaborators to your enterprise.
    • If the application registration does not display the roles, proceed to the next step.
  9. In the Azure portal, click App registrations.

  10. Click All applications, then use the search bar to find your application for Enterprise Managed Users.

  11. Click your SAML application.

  12. In the left sidebar, click Manifest.

  13. Under "appRoles", add the following:

      "allowedMemberTypes": [
      "description": "Guest Collaborator",
      "displayName": "Guest Collaborator",
      "id": "1ebc4a02-e56c-43a6-92a5-02ee09b90824",
      "isEnabled": true,
      "lang": null,
      "origin": "Application",
      "value": null

    Note: The id value is critical. If another id value is present, the update will fail.

  14. Click Save.

Enabling guest collaborators with Okta

To add the guest collaborator role to your Okta application:

  1. Navigate to your application for Enterprise Managed Users on Okta.

  2. Click Provisioning.

  3. Click Go to Profile Editor.

  4. Find "Roles" at the bottom of the profile editor and click the edit icon.

  5. Add a new role.

    • For "Display name", type Guest Collaborator.
    • For "Value", type guest_collaborator.
  6. Click Save.

Adding guest collaborators to your enterprise

After you enable guest collaborators, you can add guest collaborators to your enterprise as you would any other user. For more information, see "Configuring SCIM provisioning for Enterprise Managed Users."