Granting access to 3rd parties outside of my Azure AD with applications that authenticate through Kerberos

Chris Ong 1 Reputation point

I need to provide access to an application that sits on a VM in Azure that belongs to my company domain to 3 parties that do not belong to my company. The said application requires authentication through Kerberos. Internally, I would be able to get this to work by syncing the Azure AD to my on-prem AD and Azure AD Domain services to my on-prem domain.

Now that I need to provide access to 3rd parties outside of my Azure AD, what are the methods available, keeping in mind that the application requires Kerberos authentication? Also, I would like to limit the number of users that I would need to create in Azure AD for the 3rd parties.

I've seen that there is a preview for Kerberos authentication on Azure AD and also there is the Azure B2C but I can't seem to be able to piece them together to understand how they would be able to manage the access to the application.

Thanks for the help in advance!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,900 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Carlos Solís Salazar 17,021 Reputation points MVP

    Hi @Chris Ong

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    Definitely, the way to allow third parties is to use Azure AD B2C.

    You cannot merge the users between Azure AD and Azure AD B2C.

    I had a similar case, and what we did was adapt the application to have one login page for Azure AD user (my company users); and another login page for Azure AD B2C (for third parties)

    Hope this helps,
    Carlos Solís Salazar


    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    1 person found this answer helpful.

  2. Chris Ong 1 Reputation point

    Hi @Carlos Solís Salazar , thanks for your response. I'm wondering how the Azure B2C works in terms of getting the permissions required to authenticate with the application that requires Kerberos.

    For example, you create a user account on Azure AD B2C. On-prem Microsoft AD requires a user to authenticate with the Kerberos application. How does the user account get linked to the on-prem Microsoft AD to provide the token to authenticate with the application via Kerberos? Do you require Azure AD as a go-between to facilitate this?
    Sorry I'm very new to this so I'm not able to visualize how the process in between when the user logs on through Azure AD B2C until it arrives at the application.

    Thank you!

    0 comments No comments