Confusion in Azure Authentication Services: Which One is Best for My End-User Application?

32kms 20 Reputation points
2023-11-12T05:51:17.4133333+00:00

Hello community!

I am currently immersed in the development of an end-user-oriented web page, using a variety of Azure services and technologies. These include Azure App Service for the web application, Azure Blob Storage for static files, Azure Maps for geolocation, Azure Database for MySQL as the database, Azure Communication Services for sending emails to users and facilitating communication between them through an internal chat, and Blazor Server for deployment.

In this process, I have reached the crucial point of choosing an authentication service for the application. My goal is to implement a classic login system without linking to other services, but I would also like to offer users the option to log in and register through external platforms such as Google, Microsoft, etc.

Initially, I considered Azure AD B2C as the most suitable service for my needs. However, when exploring the documentation, I found redirects to Azure AD and Microsoft Entra, which has increased my confusion about which service would be most appropriate given my current configuration.

Given the context of the services and technologies I am using, could you guide me on which authentication service would be most suitable for my application? And if there are recommendations to take into account about the other services, I would also appreciate them, as I am a developer with little experience.

Thank you in advance for any advice or recommendation based on similar experiences.


Accepted answer
    Akshay-MSFT 17,961 Reputation points Microsoft Employee
    2023-11-13T08:09:19.1+00:00

    @32kms

    Thank you for posting your query on Microsoft Q&A. From the above description I understand that you are looking to allow end users with their corporate as well as personal accounts to log in to your application hosted on Azure (Azure App Service).

    Please do correct me if this is not the case by responding in the comments section.

    Microsoft Entra ID (formerly Azure AD) offers B2B collaboration:

    Offers sign-in with other organizations' accounts and a limited set of personal IdPs such as Google, Facebook, Apple ID and Microsoft account (preconfigured). The users must be added as guests via self-service or an invitation link.

    With B2B collaboration, you can invite anyone to sign in to your Microsoft Entra organization using their own credentials so they can access the apps and resources you want to share with them. Use B2B collaboration when you need to let external users access your Office 365 apps, software-as-a-service (SaaS) apps, and line-of-business applications, especially when the partner doesn't use Microsoft Entra ID or it's impractical for administrators to set up a mutual connection through B2B direct connect. There are no credentials associated with B2B collaboration users. Instead, they authenticate with their home organization or identity provider, and then your organization checks the guest user’s eligibility for B2B collaboration.

    There are various ways to add external users to your organization for B2B collaboration:

    Invite users to B2B collaboration using their Microsoft Entra accounts, Microsoft accounts, or social identities that you enable, such as Google. An admin can use the Azure portal or PowerShell to invite users to B2B collaboration. The user signs into the shared resources using a simple redemption process with their work, school, or other email account.

    Use self-service sign-up user flows to let external users sign up for applications themselves. The experience can be customized to allow sign-up with a work, school, or social identity (like Google or Facebook). You can also collect information about the user during the sign-up process.

    Use Microsoft Entra entitlement management, an identity governance feature that lets you manage identity and access for external users at scale by automating access request workflows, access assignments, reviews, and expiration.

    A user object is created for the B2B collaboration user in the same directory as your employees. This user object can be managed like other user objects in your directory, added to groups, and so on. You can assign permissions to the user object (for authorization) while letting them use their existing credentials (for authentication).

    You can use cross-tenant access settings to manage B2B collaboration with other Microsoft Entra organizations and across Microsoft Azure clouds. For B2B collaboration with non-Azure AD external users and organizations, use external collaboration settings.

    Azure AD B2C:

    If you plan to use more personal IdPs than are offered in B2B, then B2C is the suggested solution, as users can self sign-up with the configured IdPs and access the applications.


    Azure AD B2C is a Customer Identity and Access Management (CIAM) solution that lets you build user journeys for consumer- and customer-facing apps. If you're a business or individual developer creating customer-facing apps, you can scale to millions of consumers, customers, or citizens by using Azure AD B2C. Developers can use Azure AD B2C as the full-featured CIAM system for their applications.

    With Azure AD B2C, customers can sign in with an identity they've already established (like Facebook or Gmail). You can completely customize and control how customers sign up, sign in, and manage their profiles when using your applications.

    Although Azure AD B2C is built on the same technology as Microsoft Entra External ID, it's a separate service with some feature differences. For more information about how an Azure AD B2C tenant differs from a Microsoft Entra tenant, see Supported Microsoft Entra features in the Azure AD B2C documentation.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

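As an added illustration that is not part of the answer above or of any Microsoft sample: the minimal wiring for the questioner's Blazor Server app to sign users in through an Azure AD B2C sign-up/sign-in user flow with the Microsoft.Identity.Web library, so the app never stores or checks passwords itself. The tenant name, client ID and user-flow (policy) name are placeholders, and the NuGet packages Microsoft.Identity.Web and Microsoft.Identity.Web.UI are assumed to be installed.

```csharp
// Program.cs for a Blazor Server app (ASP.NET Core minimal hosting).
// Added example; values in angle brackets are placeholders to replace.
//
// Expected "AzureAdB2C" section in appsettings.json:
// {
//   "AzureAdB2C": {
//     "Instance": "https://<tenant-name>.b2clogin.com",
//     "Domain": "<tenant-name>.onmicrosoft.com",
//     "ClientId": "<application-client-id>",
//     "SignUpSignInPolicyId": "B2C_1_signupsignin",
//     "CallbackPath": "/signin-oidc",
//     "SignedOutCallbackPath": "/signout-callback-oidc"
//   }
// }
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

// OpenID Connect against the B2C user flow: the ID token is validated
// against the tenant's published signing keys and the configured
// ClientId, so social (Google, Microsoft, ...) and local accounts all
// arrive as the same verified claims principal.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));

// Sign-in / sign-out endpoints under /MicrosoftIdentity/Account/*.
builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor()
    .AddMicrosoftIdentityConsentHandler();

// Deny by default: every page requires an authenticated user unless it
// explicitly opts out with [AllowAnonymous].
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();   // must precede UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();
```

The redirect URI registered in the B2C app registration must match the app's public origin plus CallbackPath exactly, otherwise the user flow will refuse to return the token.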
