Best Approach

Nick Diaz 281 Reputation points
2022-05-13T15:38:31.957+00:00

We are building an application, and as part of it want to be able to grant users access to certain Azure resources, which requires them having an AAD user.

We are currently using Auth0 to authenticate users, which has the great advantage of being able to use external authentication such as LinkedIn. We are prepared to change this if there is a better solution.

Azure B2C seemed like a good option, as this does something similar, but in our testing we found that while an AAD user is created, we are unable to assign IAM permissions to these users to grant them access to resources. Is this correct?

The other approach we have is to simply create an AAD user for people who log into our app, but we want to avoid people needing two sets of authentication, and instead provide a more SSO solution. Is there a better approach that we have missed?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Sam Cogan 10,157 Reputation points MVP
    2022-05-13T22:45:17.273+00:00

    Azure IAM rights can only be granted to Azure AD (B2B) users; you cannot grant them to external accounts.