Select the best Azure AD for ISV apps and services ?

%3CLINGO-SUB%20id%3D%22lingo-sub-2149736%22%20slang%3D%22en-US%22%3ESelect%20the%20best%20Azure%20AD%20for%20ISV%20apps%20and%20services%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2149736%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20someone%20help%20on%20choosing%20between%20Azure%20AD%20B2B%20and%20B2C%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20aware%20of%20the%20%22%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Fcompare-with-b2c%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ecompare-with-b2c%3C%2FA%3E%22%20doc%20and%20I%20red%20both%20service%20descriptions%2C%20but%20still%20need%20some%20advice...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EOur%20context%20%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EWe%20are%20an%20ISV%20providing%20several%20business%20applications%20and%20services.%3C%2FP%3E%3CP%3ESolutions%20can%20be%20deployed%20on-prem%20or%20hosted%20in%20a%20cloud%20shared%20environment.%3C%2FP%3E%3CP%3EUser%20access%20services%20and%20data%20through%20custom%20apps%20(desktop%20or%20mobile%20apps).%3C%2FP%3E%3CP%3EA%20few%20services%20are%20exposed%20as%20web%20apps%20(not%20main%20products).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20different%20kind%20of%20users%20and%20clients%20%3A%3C%2FP%3E%3CP%3E-%20users%20from%20client%20orgs%20that%20may%20have%20their%20Azure%20AD%3C%2FP%3E%3CP%3E-%20individual%20users%2Fclients%20(small%20and%20individual%20businesses%2C%20not%20really%20%22customers%22%20in%20the%20retail%20meaning)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EOur%20requirements%26nbsp%3B%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EWe%20want%20to%20support%20in-app%20authentication%20for%20%3CEM%3Eall%3C%2FEM%3E%20types%20of%20Microsoft%20accounts%20(a%20%22Log%20in%20with%20Microsoft%22%20button).%3C%2FP%3E%3CP%3EFirst%2C%20we'll%20allow%20existing%20users%20to%20link%20their%20current%20app%20account%20to%20their%20MS%20account.%3C%2FP%3E%3CP%3EWe%20may%20add%20support%20for%20other%20providers%20in%20the%20future%20(Google%2C%20Facebook...).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EOur%20thinking%20%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EWe%20know%20we%20have%20to%20register%20our%20apps%20in%20some%20Azure%20AD%2C%20but%20first%2C%20we%20have%20to%20pick%20one...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20think%20we%20should%20NOT%20use%20the%20current%20Azure%20AD%20from%20our%20organisation.%3C%2FP%3E%3CP%3EIt%20seems%20a%20better%20idea%20registering%20our%20apps%20in%20a%20dedicated%20%22public%20facing%22%20directory%2C%20isolated%20from%20internal%20ressources...%20(this%20directory%20may%20be%20linked%20to%20dedicated%20billing%2C%20subscription%2C%20and%20administrative%20context).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20here%20we%20are%26nbsp%3B%3A%3C%2FP%3E%3CUL%3E%3CLI%3EBoth%20B2B%20and%20B2C%20supports%20the%20current%20authentication%20scenario%20we%20need%20to%20implement%3C%2FLI%3E%3CLI%3EB2C%20seems%20more%20flexible%20for%20linking%20to%20a%20specific%20subscription%20of%20ou%20choice%3C%2FLI%3E%3CLI%3EB2C%20may%20be%20a%20better%20bet%20for%20future%20scenarios%20(new%20user%20signup%2C%20link%20to%20another%20Azure%20AD%20B2B)%26nbsp%3B%3F%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20advice%20on%20the%20best%20choice%20to%20make%20here%20%3F%3C%2FP%3E%3CP%3E%3CSTRONG%3EI%20feel%20like%20Azure%20AD%20B2C%20extends%20B2B%20scenarios%2C%20but%20I'm%20not%20shure%20about%20it...%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EWhat%20scenarios%20or%20features%20will%20I%20miss%20if%20I%20opt%20for%20B2C%20%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%2C%3C%2FP%3E%3CP%3EGeoffrey%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2149736%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

Can someone help on choosing between Azure AD B2B and B2C ?

 

I'm aware of the "compare-with-b2c" doc and I red both service descriptions, but still need some advice...

 

Our context :

We are an ISV providing several business applications and services.

Solutions can be deployed on-prem or hosted in a cloud shared environment.

User access services and data through custom apps (desktop or mobile apps).

A few services are exposed as web apps (not main products).

 

We have different kind of users and clients :

- users from client orgs that may have their Azure AD

- individual users/clients (small and individual businesses, not really "customers" in the retail meaning)

 

Our requirements :

We want to support in-app authentication for all types of Microsoft accounts (a "Log in with Microsoft" button).

First, we'll allow existing users to link their current app account to their MS account.

We may add support for other providers in the future (Google, Facebook...).

 

Our thinking :

We know we have to register our apps in some Azure AD, but first, we have to pick one...

 

We think we should NOT use the current Azure AD from our organisation.

It seems a better idea registering our apps in a dedicated "public facing" directory, isolated from internal ressources... (this directory may be linked to dedicated billing, subscription, and administrative context).

 

So here we are :

  • Both B2B and B2C supports the current authentication scenario we need to implement
  • B2C seems more flexible for linking to a specific subscription of ou choice
  • B2C may be a better bet for future scenarios (new user signup, link to another Azure AD B2B) ?

 

Any advice on the best choice to make here ?

I feel like Azure AD B2C extends B2B scenarios, but I'm not shure about it...

What scenarios or features will I miss if I opt for B2C ?

 

Thank you,

Geoffrey

0 Replies