Forum Discussion

bart_vermeersch
Steel Contributor
May 24, 2017

Combining Azure B2C and B2B?

I'm trying to get my head around Azure B2C and B2B.

We are building a web app to be used by both internal (O365 users) and external users. Most of the external users will be individuals or employees of social profits without an identity provider.

If we go for B2C, external users can leverage their existing social accounts, but our internal users will not be able to use their O365 accounts?

If we go for B2B, our internal users can use SSO, but most external users will have to create a guest account using a self-service portal we provide?

Is it feasible to combine both methods? Will it be complex to implement, or is there another possibility to support both organizational/work accounts and social accounts?

Thank you for your feedback!

  • Deleted
    Mar 05, 2018

    Hi Bart,

    Another solution might be that you leverage Azure AD B2C in the first instance, as this is required because you need to support external social account access to the web application.

    As you also require access for your Office 365 (Azure AD) users, you can add ADFS as a SAML provider as another one of the IdPs available within your B2C directory, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.

    This will enable both your external social account users and your Azure AD based users to access your web application (with an ADFS implementation required if not already set up).

    • bart_vermeersch
      Steel Contributor

      Hi Dean,

      I find it hard to understand the difference between B2C/B2B services and the AAD v2.0 endpoint.

      "With Azure Active Directory the v2.0 endpoint, you can protect a Web API using OAuth 2.0 access tokens, enabling users with both personal Microsoft account and work or school accounts to securely access your Web API."

      Is this endpoint a light version of B2C? Using this endpoint, external users can also create a (MS) account.

      In contrast, B2C supports more IdPs:

      "With minimal configuration, Azure AD B2C enables your application to authenticate:

      • Social Accounts (such as Facebook, Google, LinkedIn, and more)
      • Enterprise Accounts (using open standard protocols, OpenID Connect or SAML)
      • Local Accounts (email address and password, or username and password)"

      Bart

      • Sarat Subramaniam
        Microsoft

        Bart - please have a look at this article for the differences between B2B and B2C.

        https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-compare-b2c

        In particular, we will be obliterating the differences in authentication mechanisms between the two. The differences between B2B and B2C, therefore, are about authorization scenarios. So you should ask yourself - what is the scenario you want to enable for the customer - and pick the appropriate tech to do so.

        I hope the above link will clarify some of this; else holler back on this thread.