This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 62%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
We are trying to create a self service portal for our customers (external users) and the same portal should be accessible by internal users within the organization using AD login so that they don't have to create separate logins. This should also allow login using personal email like outlook.com, live.com, Gmail etc.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Giri, Seshu ,
Thanks for reaching out.
I understand you are trying to create a self-service portal for both external and internal users using Azure AD.
Is it possible to do that? If yes, how?
Yes, it is possible to allow both internal and external users to access the application using B2C functionality. Azure AD B2C supports a wide range of social identity providers, including Facebook, Google, LinkedIn, and Microsoft accounts. You can also enable users from specific Azure AD or multiple Azure AD organizations to access your application using B2C.
Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-identity-provider
How do we maintain permissions in that case?
You should consider using specific attributes that are collected from the user(s) during Sign-up or inserted by RESTful API Connector or set by using Graph API patch calls. Then use the Attribute value to distinguish between the users who should get access to the application and who should not. Once done, you can use claim based authorization.
To deploy your self-service portal to Angular UI, App Service, and SQL Server, you can use Azure App Service and Azure SQL Database. Azure App Service is a fully managed platform for building, deploying, and scaling web apps.
I hope this helps! Let me know if you have any further questions.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Thanks Shweta
Please see the image attached, of course this is AWS but the concept wise is this correct and works? Just switch Cognito with AzureAD B2C?
Yes, this can be achieved using Azure AD B2C. You can refer below to integrate Azure AD SAML to Azure AD B2C
Hope this will help.
Please remember to "Accept Answer" if above answer helped you.