简体繁体 English

使用Azure AAD进行身份验证

[英]Authentication using Azure AAD

原文 2019-04-14 16:48:03 7 3 azure/ authentication

I am developing a banking application on Azure platform. 我正在Azure平台上开发银行应用程序。 Initially we started with B2C as identity provider however B2C does not integrate with office 365 so now thinking of moving with Azure AAD as identity provider. 最初，我们以B2C作为身份提供者开始，但是B2C不与Office 365集成，因此现在考虑将Azure AAD用作身份提供者。

Is it safe to onboard external clients on Azure AAD and authenticate users and give single sign-on on office 365 as well ? 在Azure AAD上注册外部客户端并验证用户并在Office 365上进行单点登录是否安全？

Please let me know your thought on this or any recommendation. 请让我知道您对此或任何建议的想法。

Thanks, Manoj 谢谢，Manoj

3 个解决方案

Safe as in secure? 安全可靠吗？ Yes, I don't believe Azure AD is fundamentally any less secure than B2C. 是的，我不认为Azure AD从根本上说不比B2C安全。

Couple of things you might want to consider: 您可能要考虑的几件事：

Azure AD is much more expensive than Azure AD B2C. Azure AD比Azure AD B2C昂贵得多。

10,000 AD users, per month: ~$10,000,00 on basic tier, ~$60,000,00 on Premium 1, and ~$90,000,00 on Premium 2. 每月10,000个AD用户：基本层约为10,000,00美元，高级1约为60,000,00美元，高级2约为90,000,00美元。

B2C is billed on number of authentications; B2C按认证数量计费； and you get 50,000 free authentications a month, this would the equivalent of 10,000 users signing in 5 times each. 并且您每月可获得50,000个免费身份验证，这相当于10,000个用户每次登录5次。

You might need to setup B2B is you want to provide access to external user identities. 如果要提供对外部用户身份的访问，则可能需要设置B2B。
Azure AD has a wider range of features you may need to manage. Azure AD具有您可能需要管理的广泛功能。
B2C is designed explicity for business to consumer. B2C的设计明确针对企业对消费者。 Azure AD with B2B is business to business. 带有B2B的Azure AD是企业对企业的。

You have left a few things out. 您遗漏了一些东西。

What is your SSO strategy (B2B or a custom model)? 您的SSO策略是什么（B2B或自定义模型）？ What Office 365 applications do you want Users to have access to? 您希望用户可以访问哪些Office 365应用程序？

The identity provider that you use has more to do with who your user is than anything else. 您使用的身份提供者与您的用户身份息息相关。 For example, if you are a retail bank providing services to individuals then you'll probably want to use AAD B2C since its really a consumer scenario. 例如，如果您是一家向个人提供服务的零售银行，那么您可能要使用AAD B2C，因为它确实是一种消费者方案。 If you are building an application for employees of the bank, then you'll want to use AAD. 如果您要为银行员工构建应用程序，则需要使用AAD。

If you are a bank that provides a service to commercial clients then you might want to consider delivering a multi-tenant AAD application where your customers add your banking platform as a SaaS application to their directory (scenario being that you can integrate directly with their directory for controlling access to accounts, approval workflows etc). 如果您是一家为商业客户提供服务的银行，那么您可能要考虑交付多租户AAD应用程序，您的客户会将您的银行业务平台作为SaaS应用程序添加到他们的目录中（场景是您可以直接与他们的目录集成）用于控制对帐户，批准工作流程等的访问）。

AAD B2B is primarily when you want to invite external users into your own internal systems as a guest (different to a multi-tenant SaaS application). AAD B2B主要是当您要邀请外部用户作为访客（与多租户SaaS应用程序不同）来邀请其进入自己的内部系统时。