Azure AD B2C, ADFS and Azure AD feasibility

Jose Francis 21 Reputation points

I'm working on a feasibility study and have been going through the documentation and other forums for a while now, and even if there are many things mentioned here and there online, I'm are still not able to get anything conclusive when it comes to using Azure AD B2C as a common gateway for multiple types of users.

More specifically, I would like to detail below our current and proposed implementation and get some valuable and holistic suggestions from the experts on the same.

The current implementation is:
3 client applications and a restful web service(monolith).
IdentityServer 4 is used for SSO and as the identity provider. Authentication is done in 2 ways:

  1. Manually signed-up users are authenticated against ASP.NET Identity tables.
  2. Corporate employee users logging in with domain-joined machines are authenticated via on-prem AD and Azure AD combination (Federation to ADFS and password hash sync enabled, WS-FED licensing used).

The proposed solution to be:
Multi-tenant support
Migration from monolith to microservices
And possibly replace IdentityServer 4 with a better SaaS solution like Azure AD B2C where users can log in (SSO) to the system using "their own" credentials (corporate or social).

I'm really stuck and confused and thinking about the feasibility when it comes to the IdentityServer 4 and Azure AD B2C thing.
I'm adding below some specific questions and would like to get your suggestions/comments on the items:

1) FOA, Is it a good thought to replace IdentityServer 4(WS FED) with a SaaS solution like Azure AD B2C?

2) Are there any things to consider that I might be missing regarding the design thought of replacing IdentityServer 4 with Azure AD B2C?

3) Can you all please share your thoughts on the orchestration of multiple tenants on a high level if we use B2C.
For e.g., A new tenant may come with existing users on-prem AD or on AD itself or it may be using some other directory service. In this case what should be the design approach to make the system properly extensible. Also, It would be great if somebody could share his/her knowledge/experience around building multi-tenanted systems with Azure AD B2C.

4) I had posted a question about the topology feasibility on the MS forum [ ] but got no responses.
Can somebody have a look at the same and share your thoughts?

5) How will Azure AD B2C federate with users on-prem AD, via ADFS or on-prem AD and Azure AD combination (Federation to ADFS and password hash sync enabled, WS-FED licensing used) ?

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,116 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,466 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,605 questions
{count} votes