Hi @Giri, Seshu,
Thanks for reaching out.
I understand you are trying to create a self-service portal for both external and internal users using Azure AD.
Is it possible to do that? If yes, how?
Yes, it is possible to allow both internal and external users to access the application using B2C functionality. Azure AD B2C supports a wide range of social identity providers, including Facebook, Google, LinkedIn, and Microsoft accounts. You can also enable users from specific Azure AD or multiple Azure AD organizations to access your application using B2C.
Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-identity-provider
How do we maintain permissions in that case?
You should consider using specific attributes that are collected from the user(s) during sign-up, inserted by a RESTful API connector, or set by using Graph API PATCH calls. Then use the attribute value to distinguish between the users who should get access to the application and those who should not. Once done, you can use claims-based authorization.
To deploy your self-service portal to Angular UI, App Service, and SQL Server, you can use Azure App Service and Azure SQL Database. Azure App Service is a fully managed platform for building, deploying, and scaling web apps.
I hope this helps! Let me know if you have any further questions.
Thanks,
Shweta
Please remember to "Accept Answer" if the answer helped you.
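
One way to apply the attribute-driven, claims-based authorization described in the answer above, shown as an added example that is not part of the original answer or any Microsoft sample. It assumes the portal's API has already verified the B2C token signature with a JWT library and that a custom attribute named `PortalAccess` (hypothetical) is emitted as the `extension_PortalAccess` claim; the issuer, audience, action names and sample users are constructed placeholders.

```javascript
// Added example: server-side claims-based authorization for a B2C-backed portal.
// Assumption: `claims` is the payload of a token whose signature was already
// verified against the tenant's signing keys by a JWT library.
// Hypothetical names: extension_PortalAccess, POLICY actions, EXPECTED values.
const EXPECTED = {
  iss: "https://contoso.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/", // placeholder
  aud: "11111111-1111-1111-1111-111111111111", // placeholder application (client) ID
};

// Which attribute values may perform which action. Anything not listed is denied.
const POLICY = {
  "tickets:read": ["internal", "external"],
  "tickets:write": ["internal", "external"],
  "users:manage": ["internal"],
};

function authorize(claims, action, nowSeconds = Math.floor(Date.now() / 1000)) {
  const deny = (reason) => ({ allowed: false, reason });
  if (claims === null || typeof claims !== "object") return deny("no claims");
  // Standard checks first: a token for another tenant or app must never reach the policy.
  if (claims.iss !== EXPECTED.iss) return deny("wrong issuer");
  if (claims.aud !== EXPECTED.aud) return deny("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return deny("expired");
  // Own-property lookup so names like "constructor" do not resolve to inherited members.
  if (!Object.prototype.hasOwnProperty.call(POLICY, action)) return deny("unknown action");
  // Fail closed: a user whose attribute was never set gets no access.
  const access = claims.extension_PortalAccess;
  if (typeof access !== "string") return deny("attribute missing");
  if (!POLICY[action].includes(access)) return deny("attribute not permitted");
  return { allowed: true, reason: "ok" };
}

// Constructed sample payloads (not real tokens).
const NOW = 1700000000;
const base = { iss: EXPECTED.iss, aud: EXPECTED.aud, exp: NOW + 3600, sub: "constructed-user" };
const internalUser = { ...base, extension_PortalAccess: "internal" };
const externalUser = { ...base, extension_PortalAccess: "external", idp: "google.com" };
const noAttribute = { ...base };
const expiredUser = { ...internalUser, exp: NOW - 1 };

for (const [name, user] of Object.entries({ internalUser, externalUser, noAttribute, expiredUser })) {
  console.log(name, "users:manage ->", authorize(user, "users:manage", NOW));
}
```

The Angular UI can hide menu items based on the same claim, but the decision that matters is the one enforced by the API behind it.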