This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 41%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPT%3C/text%3E%3C/svg%3E)
A logistics company is developing an application for managing package deliveries for use by their customers and their own delivery drivers.
They have an Azure AD tenant for O365 use, but their contract delivery drivers don't use O365, and don't have a presence on the AAD tenant.
It would be best if these contract delivery drivers could just create and use local accounts in Azure AD B2C to sign-in and use the app (eg leave messages of delivery completion) Since these Delivery Drivers are not on the Company's AAD, would it be as simple as having these drivers create a Google or Facebook account?
(Referencing "How it works" https://learn.microsoft.com/en-us/azure/active-directory/external-identities/identity-providers#how-it-works)
Thank you
Hi @Peter Thurwachter (MINDTREE LIMITED) · Thank you for reaching out.
The link that you are referencing to, is to create B2B (Guest) Accounts in standard Azure AD tenant and NOT in Azure AD B2C tenant. For Azure AD B2C, it requires you to create a new and completely separate tenant than your standard Azure AD tenant which is used primarily by the employees of the organization.
On the other hand, Azure AD B2C is primarily for consumers where you don't know who will be signing up and using your consumer facing application. You can however, create corporate accounts or federate your corporate Azure AD tenant with the B2C tenant as well. But B2C tenant doesn't include all features available in standard Azure AD tenant e.g. Device Registration.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thank you for this response
@AmanpreetSingh-MSFT
Thank you @AmanpreetSingh-MSFT
If I could please ask this follow-up.
----------------------------------------
So it is technically possible for these contract delivery drivers to:
"sign up directly to B2C tenant by clicking on sign up now link and filling the sign up form. If they have Google/Facebook account, they can choose to sign up using those accounts, provided Google/Facebook is federated with B2C tenant."
AWESOME, thank you for this knowledge.
Even if technically possible, are there be other restrictions (license reasons) why this shouldn't be done?
I have a comment from the licensing team:
Everything points to Azure AD external identities at the moment and we know that you can't use that for internal users. From a technical or billing perspective, it is likely that you can apply to internal users; however, that conflicts with what the BG's intent for Azure AD external identities.
I would imagine contract employees would be collaborators, not "internal users"
No?
thanks
Hello @AmanpreetSingh-MSFT
If I could please followup,
So I believe your 2nd bullet point from the answer, "They can sign up directly to B2C tenant by clicking on sign up now link OR they can choose to sign up using those Google/Facebook accounts"
These 2 options I believe is described here in: "Consumer accounts" https://learn.microsoft.com/en-us/azure/active-directory-b2c/technical-overview#consumer-accounts
![70435-image.png][1]
It seems the limitation of the Consumer account is that "Users with consumer accounts can't, access Azure resources eg Azure portal."
So employee (delivery drivers) technically CAN sign in with a Local identity, correct? As long as it doesn't hinder their work that they can't access Azure Resources?
DO you know of any precedent where employees have done this? (I don't need a specific company name, but If I know other companies have done this before, that should put my internal Cx at ease)
Thank you
Peter