How to Synchronize/Migrate AAD B2C in O365 Azure AD B2B integration?

Dipti Chhatrapati 11 Reputation points
2020-02-03T15:49:39.93+00:00

Hello,

We have a SharePoint on-premises application that uses Azure Active Directory - B2C for single sign on and other security features. At present we are planning to move to Microsoft cloud and require to know the solution to synchronize/migrate Azure AD B2C implementation with O365 Azure AD B2B? Would you please share your suggestions?

Thanks and Regards,

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,701 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,079 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,441 Reputation points
    2020-02-04T07:24:13.2+00:00

    @Dipti Chhatrapati There is no out of box solution to sync/migrate B2C users to standard Azure AD tenant as the information stored for signed-up local/social users is different than standard AAD users. You may consider exporting minimum required attributes from source directory to create users and use below method to create users in target directory:

    2671-capture.jpg

    If you want to add the users as Guests, use below method:

    2681-capture2.jpg

    You may also consider combining multiple requests by using $batch endpoint, as explained here: https://learn.microsoft.com/en-us/graph/json-batching

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    1 person found this answer helpful.

  2. Dipti Chhatrapati 11 Reputation points
    2020-02-05T14:25:58.617+00:00

    Further I have following question:

    If user b2cuser1@extdomain1.com exists in B2C tenant for SharePoint on-premises application's ( e.g. SPApplication.com) authentication and security features.Now,SPApplication.com is moving to SharePoint Online in O365tenant where there is no concept of B2C, but B2B integration. In this case, Is it necessary to migrate user b2cuser1@extdomain1.com into O365tenant AD?

    I suppose, there is no need of migration, as if B2B is enabled in SharePoint Online, then with External Sharing settings at tenant and site level will allow b2cuser1@extdomain1.com user to authenticate with passcode and when b2cuser1@extdomain1.com try to access SP online first time via email, Azure AD account will be automatically created in O365tenant AD.

    Can you please share whether in this case migration is really requiring or not? If migration is not requiring, then what are those features which O365tenant with B2B will miss which is available in Azure AD B2B?

    0 comments No comments

  3. AmanpreetSingh-MSFT 56,441 Reputation points
    2020-02-06T11:26:23.627+00:00

    @Dipti Chhatrapati If you are referring to below option, you need to have the b2cuser1@extdomain1.com present as a guest user in the new B2B tenant.

    2673-capture.jpg

    This option is only for those users who do not have presence in ant Azure AD tenant nor they have Microsoft Account associated with them. When the users will access the SharePoint online site and enter the OTP, their invitation will be redeemed. In short, users need to be migrated but they won't need to redeem the invitations explicitly as it will be done with first time login to SP Online site.

    Also, if the users are not present in the tenant, you will not be able to add them as members to the SharePoint site in first place and they will be denied access to the site.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    0 comments No comments

  4. Dipti Chhatrapati 11 Reputation points
    2020-02-10T13:47:49.52+00:00

    Hi Amanpreet,

    I have tested and verified earlier that the presence of the user in the tenant is not requiring if we want to add them as members OR share any content, they can be directly added without having them in the tenant, therefore I have following questions:

    1) Does it require the transformation of B2C accounts into the O365 tenant? If not, then what are the features we may miss which is possible in B2C but not B2B for a large number of users?

    2) Is there any story/solution available that can guide on integrating on-premises B2C with O365 B2B for a large number of users, for example, 40K internal and 35K external users?

    3) Is there any documentation/best practices to plan external sharing for the 40K internal and 35K external users? ( There are of course documentation available on how to share content at tenant/site level, however, I could not find any planning documentation)

    Thanks and Regards,

    0 comments No comments