This question already has an answer here:
how to federate between Azure B2B and B2C
(1 answer)
Closed 5 years ago.
I have requirement to create a web application using AzureAD, where user may login from Organization/using their personal account(FB,Google, etc..) Can we use both B2B and B2C in same Application?
Azure AD B2B Collaboration is a feature that is not available for Azure AD B2C tenants.
However, the ability to add Azure AD as an IdP in B2C should be available very soon. Vote for it in the Azure AD B2C UserVoice forum to support this ask and be informed on updates on it's progress: Add an Azure AD Identity Provider
Alternatively, you do this in your app by setting it up to support multiple identity providers (Azure AD B2C and Azure AD). See junaas post: how to federate between Azure B2B and B2C
Related
I'm usign custom policies in Azure.
How to make any new account created as a visitor account and not a member please.
Can someone explain the differences between Guest and Member? What are consequences when creating a user in B2C?
Can't find it in the docs.
we have a choice to create users only with
UserType=Member in Azure AD B2C.
UserType=Guest is a implementation detail of Azure AD B2B which is a
feature of regular Azure AD and it is not supported in Azure AD B2C.
B2c Is designed basically for EXTERNALLY facing apps which have own
app specific login credentials.
and so There is no concept of a GUEST user for a B2C tenant.
If one need GUEST user type of access for B2C users, then they would have to invite them separately to the main AzureAD tenant.
References:
B2C Portal Login, B2C Guest Users - Cloud Identity Architect
Use map UserType with Azure AD Connect cloud sync | Microsoft Docs
can an invited guest user signin using azure ad b2c
We have 2 separate Azure Tenants. One is a parent organisations and the other is ours. Ours has a directory that has Azure AD B2C. We would like to use the parents organisation Azure AD as an Custom Identity Provider. We have got this configured and working. However, we would like to customize the UI of the parents organisation Azure AD as the branding needs to be different.
Is there a way to customize the UI of a Custom Identity Provider in Azure AD B2C? Note, we do have limited access the the parent organisations Azure AD but we are not able to change the branding/UI.
You cant do this with Azure AD B2C since AAD B2C doesn't own that federated IdP. Its up to the federated IdP to provide the branding. For Azure AD, the branding abilities are documetented here.
The documentation for Azure Active Directory B2C states ADConnect can’t be used to migrate users. I believe this is referring to the native store.
“No, Azure AD Connect is not designed to work with Azure AD B2C.”
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs
But can I use ADConnect if I configure Azure Active Directory as an Identity Provider?
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory
If you setup sync to an Azure AD from on-prem AD with AAD Connect,
and then connect that AAD as an identity provider to B2C,
it will work.
Note you should use another Azure AD tenant for this, OT the one underneath the B2C tenant.
It also works quite nicely at least based on my short testing that if you have a single IdP in the sign-in policy, the B2C pages don't even show up.
Of course the first time, users will have to "sign up" to the B2C tenant with their AAD account.
Technically the sentence is correct that you can't migrate users to B2C with AAD Connect, but there is this roundabout way of doing it.
Technically the users are not migrated to B2C, but we migrate them to a place where they can be utilized from by B2C.
Is it possible to reset or change a user's password in Azure AD B2C Free Tier? If so, is there an example of how to do that?
This page seems to indicate that this is only available as paid options.
B2C is a separate service from Azure AD (though it runs on top of Azure AD).
The page you linked is for Azure AD, not B2C.
B2C allows users to reset their password by themselves if you enable the policy for that and configure it in your app: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-policies#create-a-password-reset-policy.
You can find pricing for B2C here: https://azure.microsoft.com/en-us/pricing/details/active-directory-b2c/
Are the identity protections in this article, Azure Active Directory Identity Protection, applicable to Azure AD B2C?
At this time, Azure AD B2C does not support Azure AD Identity Protection.
You can request this feature ask in the Azure AD B2C feedback forum.