Azure B2C and B2B

Mike 251 Reputation points
2023-08-02T17:17:36.9966667+00:00

I am new to B2C and currently we have a requirement in which we would allow external party to be able to access the application, as well as our own users in our main tenant.

The way I imagined it is that I can set up an external IdP such as an external Azure AD, and then for any application that we register, we can federate the authentication with that external AD, and for any other accounts we will just create them locally. When I created my first instance of B2C and went to Users, I saw my account from our main tenant as an Admin. I imagined that I would have all the users from our main tenant here and, via the user sign-in flow, allow them to access all the apps we register. Is this even doable?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-08-03T07:52:50.5+00:00

    Hi @Mike

    Thanks for reaching out.

    Azure AD B2B collaboration is intended for organizations that want to be able to authenticate users from partner/supplier organizations, regardless of the identity provider, and be able to manage the lifecycle of those guest users. These accounts are managed in the same directory as employees, and can be added to the same groups and resources.

    Azure AD B2C is intended for commerce and other interactions with consumers, citizens, or members of another group that does not require access to internal resources. These accounts are managed in a separate B2C directory and are completely separate from your internal user accounts. B2C accounts are a customer lifecycle: they are either managed by the customer, or directly by the application.

    Regarding your question about federating authentication with an external AD, you can add identity providers that are supported by Azure Active Directory B2C (Azure AD B2C) to your user flows using the Azure portal.

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-user-flow

    As for your question about seeing all the users from your main tenant in the B2C users list, that is not possible. Azure AD B2C is a separate directory from your main tenant, and it has its own set of users. You can create users in Azure AD B2C, or you can use an external identity provider to authenticate users.

    You can set up Azure AD or similar external providers to allow users from Azure AD to sign into your B2C application.

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-user-flow

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
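The single-tenant Azure AD federation the accepted answer points to, as an added example that is not part of the answer or of Microsoft's own code: it builds the Microsoft Graph identityProviders request body for an OpenID Connect provider in a B2C tenant and checks that the metadata URL is pinned to one home tenant rather than the multi-tenant common/organizations endpoints, so only that tenant's users are accepted by the user flow. The tenant GUID, B2C tenant name, client id and secret are constructed placeholders.

```python
import re

# Constructed placeholder values (assumption): substitute your own home-tenant
# GUID, your B2C tenant name, and the app registration made in the home tenant.
HOME_TENANT_ID = "11111111-2222-3333-4444-555555555555"
B2C_TENANT_NAME = "contosob2c"
MULTI_TENANT_AUDIENCES = {"common", "organizations", "consumers"}
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
METADATA_RE = re.compile(
    r"^https://login\.microsoftonline\.com/([^/]+)/v2\.0/\.well-known/openid-configuration$")


def b2c_redirect_uri(b2c_tenant_name: str) -> str:
    """Reply URL the home-tenant app registration must list, so the home
    tenant returns authorization codes to the B2C tenant and nowhere else."""
    return (f"https://{b2c_tenant_name}.b2clogin.com/"
            f"{b2c_tenant_name}.onmicrosoft.com/oauth2/authresp")


def is_single_tenant_metadata_url(url: str) -> bool:
    """True only if the OIDC metadata URL names one tenant (GUID or domain),
    not a multi-tenant audience that would admit users from any Azure AD."""
    m = METADATA_RE.match(url)
    if not m:
        return False
    tenant = m.group(1).lower()
    return tenant not in MULTI_TENANT_AUDIENCES and (bool(GUID_RE.match(tenant)) or "." in tenant)


def single_tenant_metadata_url(home_tenant: str) -> str:
    url = f"https://login.microsoftonline.com/{home_tenant}/v2.0/.well-known/openid-configuration"
    if not is_single_tenant_metadata_url(url):
        raise ValueError(f"refusing multi-tenant or malformed issuer: {home_tenant!r}")
    return url


def graph_identity_provider_body(display_name: str, home_tenant: str,
                                 client_id: str, client_secret: str) -> dict:
    """Body for POST https://graph.microsoft.com/v1.0/identity/identityProviders
    (openIdConnectIdentityProvider, the type B2C uses for an Azure AD issuer)."""
    return {
        "@odata.type": "#microsoft.graph.openIdConnectIdentityProvider",
        "displayName": display_name,
        "clientId": client_id,
        "clientSecret": client_secret,  # read from a vault at deploy time, never commit
        "scope": "openid profile email",
        "responseType": "code",
        "responseMode": "form_post",
        "metadataUrl": single_tenant_metadata_url(home_tenant),
        "claimsMapping": {"userId": "oid", "displayName": "name", "givenName": "given_name",
                          "surname": "family_name", "email": "email"},
    }
```

The body is what an administrator would send with a Graph token holding IdentityProvider.ReadWrite.All; the redirect URI from b2c_redirect_uri() is what gets registered on the home-tenant app.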


1 additional answer

  1. Vahid Ghafarpour 23,385 Reputation points Volunteer Moderator
    2023-08-02T17:42:37.79+00:00

    For sure, you can create user flows for your requirement:

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows

