So at my current CE project, we want to work with guest user access in CE. This company uses an external company to process incoming e-mail and phone calls. They would like the users from the external company to directly login to their CE instance and do their jobs. This can be done perfectly by the new guest user feature in CE.
Now from a maintenance perspective in Azure Active Directory, you’d like these specific guest users to be in a separate group, so you have them grouped together and can maintain them all together. That would mean you have two security groups with users that need to access the same CE instance. Unfortunately, you can only have one security group setup for accessing one CE instance… :-(.
But wait, what about nested security groups! I created a third security group and made two other security groups member of the third. But when I added the third security group to the CE instance, nobody could login anymore… There was the gap: nested security groups are simply not supported. So we ended up with one security group that had all users in it. Not particularly Azure Active Directory best practice, but it worked 🙂
Also want support for multiple or nested security groups? Good! Vote for my idea here.