SOLVED

Combining Azure B2C and B2B?

I'm trying to get my head around Azure B2C and B2B.

We are building a web app to be used by both internal (O365 users) and external users. Most of the external users will be individuals or employees of social profits without an identity provider.

If we go for B2C, external users can leverage their existing social accounts, but our internal users will not be able to use their O365 accounts?

If we go for B2B, our internal users can use SSO, but most external users will have to create a guest account using a self-service portal we provide?

Is it feasible to combine both methods, will it be complex to implement, or is there another possibility to support both organizational/work accounts and social accounts?

Thank you for your feedback!


B2B collaborators can sign in with an identity of their choice. If the user doesn't have a Microsoft account or an Azure AD account, one is created for them seamlessly at the time of offer redemption.

Another option is this project: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-self-service-portal

 

Hi Dean,

I find it hard to understand the difference between the B2C/B2B services and the AAD v2.0 endpoint.

"With the Azure Active Directory v2.0 endpoint, you can protect a Web API using OAuth 2.0 access tokens, enabling users with both personal Microsoft accounts and work or school accounts to securely access your Web API."

Is this endpoint a light version of B2C? Using this endpoint, external users can also create a (MS) account.

In contrast, B2C supports more IdPs:

"With minimal configuration, Azure AD B2C enables your application to authenticate:

  • Social Accounts (such as Facebook, Google, LinkedIn, and more)
  • Enterprise Accounts (using open standard protocols, OpenID Connect or SAML)
  • Local Accounts (email address and password, or username and password)"

Bart

Bart - please have a look at this article for the differences between B2B and B2C.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-compare-b2c

In particular, we will be obliterating the differences in authentication mechanisms between the two. The differences between B2B and B2C, therefore, are about authorization scenarios. So you should ask yourself: what is the scenario you want to enable for the customer, and pick the appropriate tech to do so.

I hope the above link will clarify some of this; else holler back on this thread.

best response confirmed by bart vermeersch (Steel Contributor)
Solution

Hi Bart,

Another solution might be that you leverage Azure AD B2C in the first instance, as this is required to support external social-account access to the web application.

As you also require access for your Office 365 (Azure AD) users, you can then add ADFS as a SAML provider as another one of the IdPs available within your B2C directory, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs20....

This will enable both your external social-account users and your Azure AD based users to access your web application (with an ADFS implementation required if not already set up).
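As an added illustration of the approach in the accepted answer (this is not code from the thread or from the linked Microsoft article), the fragment below is the ClaimsProvider you would add to a B2C custom policy so that the existing work-account users reach the same application through AD FS over SAML 2.0, alongside the social providers. Assumed values: the AD FS host `adfs.contoso.example`, the B2C policy key name `B2C_1A_SamlIdpCert`, a relying-party trust on AD FS that issues the attributes named in `PartnerClaimType`, and the starter-pack base policy, which defines the referenced claims transformations and the `SM-Saml-idp` session profile.

```xml
<!-- Added example (not from this thread): a B2C custom-policy ClaimsProvider that
     federates to AD FS over SAML 2.0. Assumed values: the AD FS host
     adfs.contoso.example, the B2C policy key B2C_1A_SamlIdpCert, and the attribute
     names that the AD FS relying-party trust is configured to issue. -->
<ClaimsProvider>
  <Domain>contoso.example</Domain>
  <DisplayName>Contoso employees (AD FS)</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Contoso-SAML2">
      <DisplayName>Sign in with your Contoso work account</DisplayName>
      <Protocol Name="SAML2" />
      <Metadata>
        <!-- B2C fetches the IdP signing certificate from this metadata document and
             uses it to verify every SAML response, so keep this an HTTPS URL that
             you control and leave signed-assertion validation at its default. -->
        <Item Key="PartnerEntity">https://adfs.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Certificate B2C uses to sign the AuthnRequest it sends to AD FS; uploaded
             beforehand as a policy key in the B2C tenant (assumed name). -->
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpCert" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- Map the assertion attributes issued by AD FS onto B2C claim types. The
             UPN becomes the stable user identifier for this provider. -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userPrincipalName" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <!-- Record which provider authenticated the user; the app can authorize on it. -->
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="contoso.example" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <!-- Standard starter-pack transformations that build the B2C account key
             (alternativeSecurityId) from issuerUserId plus identityProvider. -->
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

The technical profile then has to be wired into the sign-in user journey as one more selectable provider next to the social ones. Two things worth checking once it works: that AD FS is really restricting the relying-party trust to your B2C tenant's SAML entity ID, so only your policy can consume those assertions, and that the application authorizes on the `identityProvider` claim rather than assuming every token from B2C represents an employee, since social and work users now arrive through the same token issuer.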

Hi Hoani,

I have the same question as Bart.

I realize that leveraging Azure AD B2C and using custom policies to add Azure AD as an identity provider would allow both internal users and external users to authenticate. However, I also want to allow internal users to access the application via the application portal (https://myapps.microsoft.com). If the user has already signed in to another application via the application portal, the user does not need to sign in again to use the application.

Is this a valid use case, and is it possible? Would this be achieved by combining both Azure AD B2B and B2C in the same project?

Thanks,
