Customer Self Service portal authentication and authorization

Giri, Seshu 26 Reputation points
2023-04-19T16:47:10.4466667+00:00

We are trying to create a self service portal for our customers (external users) and the same portal should be accessible by internal users within the organization using AD login so that they don't have to create separate logins. This should also allow login using personal email like outlook.com, live.com, Gmail etc.

  • Is it possible to do that? If yes, how?
  • How do we maintain permissions in that case? Self service portal will be deployed to Angular UI, App Service and Database is SQL Server.
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,672 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,774 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shweta Mathur 28,021 Reputation points Microsoft Employee
    2023-04-24T06:34:50.3633333+00:00

    Hi @Giri, Seshu ,

    Thanks for reaching out.

    I understand you are trying to create a self-service portal for both external and internal users using Azure AD.

    Is it possible to do that? If yes, how?

    Yes, it is possible to allow both internal and external users to access the application using B2C functionality. Azure AD B2C supports a wide range of social identity providers, including Facebook, Google, LinkedIn, and Microsoft accounts. You can also enable users from specific Azure AD or multiple Azure AD organizations to access your application using B2C.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-identity-provider

    How do we maintain permissions in that case?

    You should consider using specific attributes that are collected from the user(s) during Sign-up or inserted by RESTful API Connector or set by using Graph API patch calls. Then use the Attribute value to distinguish between the users who should get access to the application and who should not. Once done, you can use claim based authorization.

    Reference: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/4-WebApp-your-API/4-2-B2C/README.md

    To deploy your self-service portal to Angular UI, App Service, and SQL Server, you can use Azure App Service and Azure SQL Database. Azure App Service is a fully managed platform for building, deploying, and scaling web apps.

    I hope this helps! Let me know if you have any further questions.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.