I am working on a project to migrate a consumer-facing application to the cloud.
Based on the pricing I prefer to use the Azure AD B2C tenant.
Tentative timeline for the Azure AD B2C GA?
How can I sync/move the user object from On-premises AD to the Azure AD B2C tenant? Can we use Azure AD connect for this?
As stated in this FAQ,
Can I use Azure AD Connect to migrate consumer identities that are stored on my on-premises Active Directory to Azure AD B2C?
No, Azure AD Connect is not designed to work with Azure AD B2C. We will provide various migration options and tools out-of-the-box in the future.
With the (beta) MSAL library (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet), you can add both B2C and your existing AD to your website, so both worlds (external customers in B2C and corporate users in AD) can login to the same site.
from: https://blogs.technet.microsoft.com/enterprisemobility/2016/03/31/microsoft-identity-at-build-2016/
MSAL is a developer library that helps you to obtain tokens from MSA, Azure AD or Azure B2C for accessing protected resources – such as your own API, Microsoft’s API (such as the Microsoft Graph) and any other 3rd party choosing to protect their API with Microsoft identity.
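The "both worlds on one site" setup described in the answer above has a server-side counterpart: once MSAL has obtained a token, the website must decide which issuer it came from, verify it against that issuer's keys, and apply the claim checks that differ between the two tenants. The following is an added example, not code from the original answer or from the MSAL project. Tenant IDs, client IDs, the B2C policy name and the issuer strings are constructed placeholders; the B2C issuer format (`https://{tenant}.b2clogin.com/{tenant-id}/v2.0/`) and the `tfp` policy claim are stated as assumptions about B2C token shape. Signature verification with the selected issuer's JWKS is marked as the step that a JWT library performs and is not implemented here.

```python
import base64
import json
import time

# Constructed configuration: one website trusting two issuers, an Azure AD B2C
# tenant for consumers and an Azure AD tenant for corporate users. All IDs,
# client IDs and the policy name below are placeholders, not real values.
AUTHORITIES = {
    # Assumed Azure AD B2C issuer format: https://{tenant}.b2clogin.com/{tenant-id}/v2.0/
    "https://contoso.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/": {
        "kind": "b2c",
        "audience": "b2c-client-id-placeholder",
        # B2C puts the user-flow / policy name in the tfp claim (or acr, if so configured).
        # A token minted by a policy this site never asked for is rejected even if well signed.
        "allowed_policies": {"B2C_1_signupsignin"},
    },
    # Assumed Azure AD v2.0 issuer format: https://login.microsoftonline.com/{tenant-id}/v2.0
    "https://login.microsoftonline.com/22222222-2222-2222-2222-222222222222/v2.0": {
        "kind": "aad",
        "audience": "aad-client-id-placeholder",
    },
}


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT for the demo. The signature segment is a dummy,
    because this example covers issuer selection and claim checks only."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.dummy-signature"


def unverified_payload(token: str) -> dict:
    """Decode the payload WITHOUT verifying it. Only `iss` is read from this,
    to pick which authority's JWKS the signature must later be checked with."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def select_authority(token: str):
    """Map the token's issuer onto a configured authority; unknown issuers are refused
    before any key lookup, so an attacker-chosen tenant never reaches verification."""
    payload = unverified_payload(token)
    authority = AUTHORITIES.get(payload.get("iss"))
    if authority is None:
        raise ValueError(f"issuer not trusted: {payload.get('iss')!r}")
    return payload, authority


def validate_claims(payload: dict, authority: dict, now: float, skew: int = 60) -> str:
    """Claim checks to run after the signature has been verified against the
    selected authority's keys. Returns which 'world' the user belongs to."""
    if payload.get("aud") != authority["audience"]:
        raise ValueError("audience mismatch")
    if payload.get("exp", 0) + skew < now:
        raise ValueError("token expired")
    if payload.get("nbf", 0) - skew > now:
        raise ValueError("token not yet valid")
    if authority["kind"] == "b2c":
        policy = payload.get("tfp") or payload.get("acr")
        if policy not in authority["allowed_policies"]:
            raise ValueError(f"unexpected B2C policy: {policy!r}")
    return authority["kind"]


def accept_login(token: str, now: float = None):
    """Returns ("accepted", kind) or ("rejected", reason); the reason is what to log."""
    now = time.time() if now is None else now
    try:
        payload, authority = select_authority(token)
        # Signature verification with the JWKS from the selected issuer's OIDC
        # metadata endpoint belongs here and is delegated to a JWT library.
        kind = validate_claims(payload, authority, now)
    except ValueError as err:
        return ("rejected", str(err))
    return ("accepted", kind)


if __name__ == "__main__":
    now = 1_700_000_000
    consumer = make_sample_token({
        "iss": "https://contoso.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/",
        "aud": "b2c-client-id-placeholder", "exp": now + 600, "nbf": now - 60,
        "tfp": "B2C_1_signupsignin",
    })
    print(accept_login(consumer, now))
```

The order matters: the issuer is read from the unverified payload only to choose the trust anchor, and nothing else from the payload is used until the signature has been checked against that anchor's keys. Keeping the two tenants as separate entries, each with its own audience and (for B2C) its own policy allow-list, is what prevents a token from one world being accepted as a login to the other.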
Related
Scenario:
Managed GCP Applications hosted on GCP with a Google cloud identity setup for customers
Want customers to access GCP managed service using their own IDP
Question:
Can I use Azure AD B2C as an IdP for Google Cloud Identity?
Looking for a solution or alternate solutions which may not be that expensive
Azure AD B2C is an OIDC IdP so yes, it can be used as a federated IdP in Google Cloud Identity. Due to the similarities between Azure AD B2C and Azure AD you can follow most of the steps detailed in Configure workforce identity federation with Azure AD and sign in users with the following Azure AD B2C specific replacements:
Create a new app. As a best practice, we recommend that you create a new application in Azure AD B2C and use only the application to obtain Google Cloud credentials. To create a web app for user sign-in with Azure AD B2C and enable your app to receive tokens from Azure AD B2C, see Register a web application in Azure Active Directory B2C. Do not forget to follow the Next steps.
Skip this one.
I am trying to use MFA for on-premise apps that are secured by AD and ADFS. We are using MIM to provision accounts automatically to AD. However, not all accounts will be synchronized to Azure AD. I have read the following article:
https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/use-azure-mfa-for-activation
Does it mean you can use Azure AD MFA within MIM for on-premise apps which are secured by ADFS? Does it go to Azure AD to challenge the user for MFA? What about if the account exists only in AD, not Azure AD?
Appreciate all kind of advice.
The article you cited above is only applicable to the use of Azure AD MFA within MIM for the privileged access management scenario, rather than for MFA for use within applications. I would recommend synchronizing accounts to Azure AD, and using conditional access and the application proxy where applicable. See https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-whichversion for more info on the options for applications.
All the references online use Azure AD - is it possible to use Azure AD B2C with PowerBI?
It is not currently possible to use Azure AD B2C tokens to access PowerBI dashboards. I would encourage you to vote for this feature here.
I’d like to use scopes in our Azure B2C instance, however all our resources are residing in a different active directory. Can I somehow also select the API instance from another Resource? Or is it possible to upgrade our main AD to an Azure B2C one? Or can we somehow move our subscription and all resources to our Azure B2C AD?
At this point in time, Azure AD B2C does not support multi-tenancy. You can vote and keep track of the feature in the Azure AD B2C UserVoice forum:
How to use Multitenant Applications Based on B2C
Without multitenancy, you will not be able to access resources from other tenants. It is also not possible to upgrade your main AD to an Azure AD B2C tenant, or have subscriptions within your Azure AD B2C Tenant.
Not entirely sure what your scenario is, but the recommended way to do this is by adding Azure AD as an identity provider. This currently can be done using custom policies, but I would encourage waiting until the feature is available through built-in policies.
Could you please define the cloud-based authentication services Azure AD B2C and B2B, with their uses and their differences, if any? Please provide a list of web resources if you can.
The uses of Azure AD B2C (Business to Consumer) and Azure AD B2B (Business to Business) are very different. These differences are highlighted in the documentation.
B2C documentation: https://azure.microsoft.com/en-in/services/active-directory-b2c/
Azure Active Directory B2C is a highly available, global, identity management service for consumer-facing applications that scales to hundreds of millions of identities.
In a nutshell, it allows you to authenticate customers using social identities, like Facebook or Microsoft Account, but still within the context of Azure AD.
B2B documentation: https://azure.microsoft.com/en-in/documentation/articles/active-directory-b2b-collaboration-overview/
Azure AD B2B collaboration lets you enable access to your corporate applications from partner-managed identities. You can create cross-company relationships by inviting and authorizing users from partner companies to access your resources.
In a nutshell, it allows you to authenticate corporate users from other companies.
So one is for consumer-facing applications, and one is for business applications.
https://predica.pl/blog/azure-ad-b2b-b2c-puzzled-out/
Azure AD is an identity as a service provider aimed at organization users to provide and control access to cloud resources
Azure AD B2B is not a separate service but a feature in Azure AD. It allows cross-organization collaboration in applications from an identity standpoint.
Azure AD B2C is an independent service for building a consumer application identity repository. If you need a service to handle email or Facebook login – it is there for you.
https://learn.microsoft.com/en-us/azure/active-directory/b2b/compare-with-b2c
B2B collaboration capabilities
Single sign-on (SSO) to all Azure AD-connected apps is supported. For example, you can provide access to Office 365 or on-premises apps, and to other SaaS apps such as Salesforce or Workday.
Partner lifecycle: Managed by the host/inviting organization.
Azure AD B2C stand-alone offering
SSO to customer owned apps within the Azure AD B2C tenants is supported. SSO to Office 365 or to other Microsoft and non-Microsoft SaaS apps is not supported.
Customer lifecycle: Self-serve or managed by the application.