Azure AD B2C, ADFS and Azure AD feasibility

Jose Francis 21 Reputation points
2022-03-29T08:01:39.09+00:00

I'm working on a feasibility study and have been going through the documentation and other forums for a while now, and even if there are many things mentioned here and there online, I'm still not able to get anything conclusive when it comes to using Azure AD B2C as a common gateway for multiple types of users.

More specifically, I would like to detail below our current and proposed implementation and get some valuable and holistic suggestions from the experts on the same.

The current implementation is:
Single-tenant
3 client applications and a RESTful web service (monolith).
IdentityServer 4 is used for SSO and as the identity provider. Authentication is done in 2 ways:

  1. Manually signed-up users are authenticated against ASP.NET Identity tables.
  2. Corporate employee users logging in with domain-joined machines are authenticated via on-prem AD and Azure AD combination (Federation to ADFS and password hash sync enabled, WS-FED licensing used).

The proposed solution is to be:
Multi-tenant support
Containerized
Migration from monolith to microservices
And possibly replace IdentityServer 4 with a better SaaS solution like Azure AD B2C where users can log in (SSO) to the system using "their own" credentials (corporate or social).

I'm really stuck and confused and thinking about the feasibility when it comes to the IdentityServer 4 and Azure AD B2C thing.
I'm adding below some specific questions and would like to get your suggestions/comments on the items:

1) FOA, is it a good thought to replace IdentityServer 4 (WS-FED) with a SaaS solution like Azure AD B2C?

2) Are there any things to consider that I might be missing regarding the design thought of replacing IdentityServer 4 with Azure AD B2C?

3) Can you all please share your thoughts on the orchestration of multiple tenants on a high level if we use B2C?
For example, a new tenant may come with existing users in on-prem AD or in AD itself, or it may be using some other directory service. In this case, what should be the design approach to make the system properly extensible? Also, it would be great if somebody could share his/her knowledge/experience around building multi-tenanted systems with Azure AD B2C.

4) I had posted a question about the topology feasibility on the MS forum [ https://learn.microsoft.com/en-us/answers/questions/721039/azure-ad-b2c-are-these-topologies-supported.html ] but got no responses.
Can somebody have a look at the same and share their thoughts?

5) How will Azure AD B2C federate with users in on-prem AD: via ADFS, or via the on-prem AD and Azure AD combination (Federation to ADFS and password hash sync enabled, WS-FED licensing used)?
