Azure AD B2C 多租户架构
[英]Azure AD B2C Multi-Tenant Architecture
问题描述
Does Microsoft Azure AD B2C support Multi-tenant Architecture? 
Microsoft Azure AD B2C 是否支持多租户架构? The below diagram is our Architecture.下图是我们的架构。 I have created an Azure AD B2C Service call Tenant(Client) and a link to my subscription account.我创建了一个 Azure AD B2C 服务调用Tenant(Client)和一个指向我的订阅帐户的链接。 I have registered UI and API application in that tenant.我已经在该租户中注册了 UI 和 API 应用程序。 Then I have created the user in Tenant as admin.然后我在租户中以管理员身份创建了用户。 Admin creates the users to access my application.管理员创建用户来访问我的应用程序。 We are planning to implement Multi-Tenant of Azure AD B2C to Access single Angular Application(UI).我们计划实施 Azure AD B2C 的多租户来访问单个 Angular 应用程序(UI)。
Example:例子:
I have created an Azure AD B2C Service call TenantA(Client A) and a link to my subscription account.我创建了一个 Azure AD B2C 服务调用TenantA(Client A)和一个指向我的订阅帐户的链接。 Then I have created the user in TenantA as admin.然后我在 TenantA 中以管理员身份创建了用户。 Admin creates the users to access my application.I have registered管理员创建用户来访问我的应用程序。我已经注册
I have created an Azure AD B2C Service call TenantB(Client B) and a link to my subscription account.我创建了一个 Azure AD B2C 服务调用TenantB(Client B)和一个指向我的订阅帐户的链接。 Then I have created the user in TenantB as admin.然后我在 TenantB 中以管理员身份创建了用户。 Admin creates the users to access my application.管理员创建用户来访问我的应用程序。
Multiple Tenants of Client A(Tenant A) and Client B(Tenant B) Users should access a single UI application and should access a single API Application. Client A(Tenant A)和Client B(Tenant B)的多个租户 用户应访问单个 UI 应用程序,并且应访问单个 API 应用程序。
How can I register for both tenants the same configuration in UI and API Applications?如何在UI和API应用程序中为两个租户注册相同的配置?
2 个解决方案
解决方案1
0 2020-06-08 15:38:42
As per your requirement you can achieve this by enabling the Azure AD single tenant application to multi tenant application and by setting up the endpoint to https://login.microsoftonline.com/common根据您的要求,您可以通过将 Azure AD 单租户应用程序启用到多租户应用程序并将端点设置为https://login.microsoftonline.com/common来实现此目的
By this the there is be single application registration/UI/WebAPI and users from both tenants can access your application.这样,就有了单一的应用程序注册/UI/WebAPI,两个租户的用户都可以访问您的应用程序。
If you are particularly looking for Azure AD B2C Multi-Tenant application you can refer this link如果您特别在寻找 Azure AD B2C 多租户应用程序,您可以参考此链接
解决方案2
0 2020-06-09 06:51:34
You can't, each tenants api scope will be unique, since it's based on the tenant id.你不能,每个租户 api scope 将是唯一的,因为它基于租户 ID。
You could put all users in the same tenant, or use a library that supports multiple token issuers.您可以将所有用户放在同一个租户中,或者使用支持多个令牌颁发者的库。
Or if you really need isolation on the identities, you could federate a single B2C “funnel” tenant with multiple customer B2C tenants and use home realm discovery to route the authentication flow for the incoming users.或者,如果您确实需要身份隔离,您可以将单个 B2C“漏斗”租户与多个客户 B2C 租户联合,并使用家庭 realm 发现来路由传入用户的身份验证流。 This approach must ensure the email is unique amongst all tenants in scope.这种方法必须确保 email 在 scope 的所有租户中是唯一的。 The funnel tenant would ask for the users email, use custom policy to call a REST API which would use Graph API to lookup the email in all the tenants. The funnel tenant would ask for the users email, use custom policy to call a REST API which would use Graph API to lookup the email in all the tenants. Once it finds the tenant, it tells the funnel tenant which B2C federation to redirect the user to to complete the auth.一旦找到租户,它就会告诉漏斗租户将用户重定向到哪个 B2C 联盟以完成身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.