Forum Discussion
Where we should create Azure AD B2C tenant in an Azure Landing Zone Architecture?
Could you please provide your recommendations for placing an Azure AD B2C tenant for an application in an Azure Landing Zone Architecture?
Thanks,
- keenanbrooksBrass Contributor
Azure AD B2C is Business 2 Consumer, so I am guessing you essentially will have a public facing website for customers to login to? If that's the case, you should make a DMZ subscription with internet traffic coming in via an app-gateway + waf. That's my opinion! The dmz vnet will be peered with the hub/connectivity vnet for management etc.
If I am correct in thinking it's for customers, then you setup the Azure AD B2C tenant & create an app registration and user flows for auth. This parts not really my strong point but this should help as a react example:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-react-spa-app#31-configure-the-react-sample
It doesn't really matter where you create the Azure AD B2C tenant though... Think of it exactly like Entra ID.