In our mechanical engineering company we are building a customer portal, where our customers should find their documentation for their equipment.
This documentation is natively hosted in our SharePoint Online. Here we create a site collection for each machine where all documentation is hosted.
To provide the customer access to those documents, we would create a web application where the customer has to sign in with Azure B2B (not B2C).
After the sign in process the user will automatically be added as a guest with visit-permission to the site collections of all the machines they have.
The user would not directly visit the site collection, but a REST-call to fetch the documents with their metadata should work to display the files in our own web application.
Important: Customers can also invite other users of their own organisation to give other employees access to the portal. We could use the B2B API for this.
Everytime the customer "adds" a new user, this user will be added as a guest and will be added automatically also to the same site collections.
We have the skills to develop something like that. Only question: Is Azure B2B made for this? Can we do it like this?
In Azure B2C no access to SharePoint Online (or generally 365) is possible.
For this reason I hope that our approach can work.
When using Azure B2C we would have to write our own service that accesses SharePoint in the background via client credential flow (with a certificate) and return the docs through this "reroute". This approach is harder and would also not allow the customer to visit SharePoint. But in this case users would not have to be guest users... We could clearly seperate "internal" and "guest users" with two different tenants. Nevertheless: I prefer the first approach. What do you think? Any security concerns?