Forum Discussion
Combining Azure B2C and B2B?
- Deleted, Mar 05, 2018
Hi Bart,
Another solution might be that you leverage Azure AD B2C in the first instance, as this is required because you need to support external social account access to the web application.
As you also require access for your Office 365 (Azure AD) users, you can add ADFS as a SAML Provider as another one of the IdPs available within your B2C directory, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.
This will enable both your external social account users and your Azure AD based users to access your web application (with an ADFS implementation required if not already set up).
B2B collaborators can sign in with an identity of their choice. If the user doesn't have a Microsoft account or an Azure AD account, one is created for them seamlessly at the time of offer redemption.
Another option is this project https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-self-service-portal
Hi Dean,
I find it hard to understand the difference between B2C/B2B services and the AAD v2.0 endpoint.
"With Azure Active Directory the v2.0 endpoint, you can protect a Web API using OAuth 2.0 access tokens, enabling users with both personal Microsoft account and work or school accounts to securely access your Web API."
Is this endpoint a light version of B2C? Using this endpoint, external users can also create a (MS) account.
In contrast, B2C supports more IdPs:
"With minimal configuration, Azure AD B2C enables your application to authenticate:
- Social Accounts (such as Facebook, Google, LinkedIn, and more)
- Enterprise Accounts (using open standard protocols, OpenID Connect or SAML)
- Local Accounts (email address and password, or username and password)"
Bart
- Sarat Subramaniam, Jul 06, 2017, Microsoft
Bart - please have a look at this article for the differences between B2B and B2C.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-compare-b2c
In particular, we will be obliterating the differences in authentication mechanisms between the two. The differences between B2B and B2C, therefore, are about authorization scenarios. So you should ask yourself: what is the scenario you want to enable for the customer? Then pick the appropriate tech to do so.
I hope the above link will clarify some of this, else holler back on this thread.
- Tai Bo, Apr 24, 2018, Copper Contributor
Hi Hoani,
I have the same question as Bart.
I realize leveraging Azure AD B2C and using custom policies to add Azure AD as an identity provider would allow both internal users and external users to authenticate. However, I also want to allow internal users to access the application via the application portal (https://myapps.microsoft.com). If the user has already signed in to another application via the application portal, the user does not need to sign in again to use the application.
Is this a valid use case and possible? Would this be achieved by combining both Azure AD B2B and B2C in the same project?
Thanks,