I have application 1 that uses Azure AD B2B. User is logged in to the application 1. If the user is redirected from application 1 to application 2, I want the user to be automatically logged in to the application 2 as well.
Application 2 is using the AZure B2C AD.
Is that possible to achieve?
Thanks
It is possible if the Azure AD B2B identity is federated, as an external or "social" identity, with the Azure AD B2C tenant.
An example of this identity federation is shown by the Woodgrove Groceries sample where a B2B identity has been integrated with a B2C tenant.
Related
I'm usign custom policies in Azure.
How to make any new account created as a visitor account and not a member please.
Can someone explain the differences between Guest and Member? What are consequences when creating a user in B2C?
Can't find it in the docs.
we have a choice to create users only with
UserType=Member in Azure AD B2C.
UserType=Guest is a implementation detail of Azure AD B2B which is a
feature of regular Azure AD and it is not supported in Azure AD B2C.
B2c Is designed basically for EXTERNALLY facing apps which have own
app specific login credentials.
and so There is no concept of a GUEST user for a B2C tenant.
If one need GUEST user type of access for B2C users, then they would have to invite them separately to the main AzureAD tenant.
References:
B2C Portal Login, B2C Guest Users - Cloud Identity Architect
Use map UserType with Azure AD Connect cloud sync | Microsoft Docs
can an invited guest user signin using azure ad b2c
We have 2 separate Azure Tenants. One is a parent organisations and the other is ours. Ours has a directory that has Azure AD B2C. We would like to use the parents organisation Azure AD as an Custom Identity Provider. We have got this configured and working. However, we would like to customize the UI of the parents organisation Azure AD as the branding needs to be different.
Is there a way to customize the UI of a Custom Identity Provider in Azure AD B2C? Note, we do have limited access the the parent organisations Azure AD but we are not able to change the branding/UI.
You cant do this with Azure AD B2C since AAD B2C doesn't own that federated IdP. Its up to the federated IdP to provide the branding. For Azure AD, the branding abilities are documetented here.
Can an invited guest user in Azure AD B2C signin using this Azure AD B2C and access a registered application?
What is the password in this case?
Invited guests are for admin purposes i.e. administer the B2C tenant.
Typically they would be e.g. in another Azure tenant and hence would use the password in that tenant.
Only local users i.e. users created via B2C SUSI policies can access applications.
I am trying to connect Azure AD to B2C via open ID connect. Using a MSAL JS i am able to successfully login to Azure AD and local B2C users.
However when a user is created in B2C portal (from Azure AD) the mail fields are missing e.g. name & email
looking through the ID token from the Azure AD there are no values returned for email or name.
You cannot create an Azure AD B2C user, e.g. federated from another Azure AD tenant to the Azure AD B2C tenant, using the Azure AD B2C portal. You must create this user using either an Azure AD B2C flow/policy or the Azure AD Graph API.
When you invite an Azure AD user from another Azure AD tenant to the Azure AD B2C tenant, they are added as a guest user, e.g. so that they can co-manage the Azure AD B2C tenant.
Our organization has a on premise Active directory.For few of our applications we want to implement authentication mechanism using Azure AD. Following is the requirement:
1) Organization users will be authenticated by Azure AD
2) External users will be authenticated by Azure AD B2C
3) Whenever an external user is trying to access the application, application will redirect the user to B2C login page.
Can anyone help me with steps for the solution?
Also, is there any issues to implement the security mechanism using Azure AD and B2C if the application resides in AWS?
For a specific sample of how to implement these custom policies, see Woodgrove Groceries demo, which enables users to sign in with either:
An "individual customer" account (i.e. a local account that is managed by Azure AD B2C or a Google or Microsoft account that is federated with it); or
A "business customer" account (i.e. an Azure AD account that is federated with Azure AD B2C); or
A "partner" account that is a direct federation between the end-user application and Azure AD (where Azure AD B2C doesn't act as an intermediate federation).
For your use case B2C custom policies are perfect fit. you can get start on custom policies from https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom
1) Organization users will be authenticated by Azure AD
You can integrate this in custom policies. Example: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
2) External users will be authenticated by Azure AD B2C
Once you add custom policies those will allow you to login users from external network/ social IDPs
3) Whenever an external user is trying to access the application,
application will redirect the user to B2C login page.
It's all about configuration. If you configure properly it will take you to B2C login page. If you stuck while integrating drop comment here.
Also, is there any issues to implement the security mechanism using
Azure AD and B2C if the application resides in AWS?
I don't think you will face challenges. Cloud redirects will happen and works fine with B2C too.