
Add B2B Azure Directory Signup to B2C tenant

We are trying to set up a link between our B2C tenant (which uses app registrations and custom policies, user flows) for registering and authenticating users, with an Azure tenant from a customer.

As far as I've seen, in B2B tenants, there is the option to choose Azure Active Directory signup as an IDP provider. In the B2C tenant, I only see Microsoft Account as an IDP, which is not for business user login.

I couldn't find a way to set up Azure Active Directory Sign Up as an IDP on our B2C tenant. Has someone just added this linkage by using OpenID Provider and adding it manually? Or did you encounter a similar situation and work out another solution?

Thanks in advance for any hints! Best, Vito

• Yes, you can add Azure Active Directory as an IDP to your Azure AD B2C tenant by adding Azure AD to the claims provider element in the 'TrustFrameworkExtensions.xml' file of your custom policy. To configure the same, kindly refer to the link below, which explains in detail the actual configurations to be done in the above-said file. The 'ClaimsProvider' element should look like the below:

<ClaimsProvider>
  <Domain>Contoso</Domain>
  <DisplayName>Login using Contoso</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AADContoso-OpenIdConnect">
      <DisplayName>Contoso Employee</DisplayName>
      <Description>Login with your Contoso account</Description>
      <Protocol Name="OpenIdConnect"/>
      <Metadata>
        <Item Key="METADATA">https://login.microsoftonline.com/tenant-name.onmicrosoft.com/v2.0/.well-known/openid-configuration</Item>
        <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
        <Item Key="response_types">code</Item>
        <Item Key="scope">openid profile</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_ContosoAppSecret"/>
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid"/>
        <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid"/>
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name"/>
        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name"/>
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name"/>
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true"/>
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss"/>
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin"/>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-custom-policy#configure-azure-ad-as-an-identity-provider-1

Ensure that, after configuring as said in the link above, Azure AD B2C can successfully communicate with Azure AD. Also, update the domain name of your domain in the 'ClaimsProvider' element without the '.com' for proper distinction.
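The security-relevant parts of the ClaimsProvider above are easy to get wrong when the snippet is copied between policies: the tenant-specific METADATA URL is what restricts sign-in to the one customer tenant (the `common`, `organizations` and `consumers` aliases of the same endpoint accept tokens from any Azure AD tenant), the client secret belongs in a B2C policy key referenced by `StorageReferenceId` rather than inline in the policy file, and mapping `oid` and `tid` gives you a user identifier that is scoped to the issuing tenant. The following linter, added here as an example and not part of the answer or of Microsoft's documentation, parses a ClaimsProvider element and reports those three classes of problem. The good sample is the snippet from the answer trimmed to the parts the checks read; the weak sample is a constructed, hypothetical variant, and the finding codes are my own naming.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the ClaimsProvider from the answer above, trimmed to the
# elements the checks look at. Tenant name and client_id are the placeholders
# from the answer.
GOOD_POLICY = """
<ClaimsProvider>
  <Domain>Contoso</Domain>
  <TechnicalProfiles>
    <TechnicalProfile Id="AADContoso-OpenIdConnect">
      <Protocol Name="OpenIdConnect"/>
      <Metadata>
        <Item Key="METADATA">https://login.microsoftonline.com/tenant-name.onmicrosoft.com/v2.0/.well-known/openid-configuration</Item>
        <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
        <Item Key="response_types">code</Item>
        <Item Key="scope">openid profile</Item>
        <Item Key="response_mode">form_post</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_ContosoAppSecret"/>
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid"/>
        <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid"/>
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss"/>
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
"""

# Constructed weak variant (hypothetical, not from the page): multi-tenant
# discovery endpoint, secret pasted inline, and no tenant id claim captured.
WEAK_POLICY = """
<ClaimsProvider>
  <Domain>Contoso</Domain>
  <TechnicalProfiles>
    <TechnicalProfile Id="AADAny-OpenIdConnect">
      <Protocol Name="OpenIdConnect"/>
      <Metadata>
        <Item Key="METADATA">https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration</Item>
        <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
        <Item Key="client_secret">PLACEHOLDER-SECRET</Item>
        <Item Key="response_types">code</Item>
      </Metadata>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid"/>
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
"""

# Azure AD v2.0 discovery document for one tenant: the path segment is the
# tenant name or id, or one of the "any tenant" aliases below.
METADATA_RE = re.compile(
    r"^https://login\.microsoftonline\.com/([^/]+)/v2\.0/\.well-known/openid-configuration$"
)
MULTI_TENANT_AUTHORITIES = {"common", "organizations", "consumers"}
REQUIRED_PARTNER_CLAIMS = ("oid", "tid")  # stable user id plus the issuing tenant


def lint_claims_provider(xml_text):
    """Return (technical_profile_id, finding_code) pairs for every OIDC profile."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for tp in root.iter("TechnicalProfile"):
        proto = tp.find("Protocol")
        if proto is None or proto.get("Name") != "OpenIdConnect":
            continue
        tp_id = tp.get("Id", "<unnamed>")
        items = {i.get("Key"): (i.text or "").strip() for i in tp.findall("Metadata/Item")}
        key_ids = {k.get("Id") for k in tp.findall("CryptographicKeys/Key")}
        partner_claims = {c.get("PartnerClaimType") for c in tp.findall("OutputClaims/OutputClaim")}

        # 1. The discovery URL must name exactly one tenant.
        match = METADATA_RE.match(items.get("METADATA", ""))
        if match is None:
            findings.append((tp_id, "metadata-not-azure-ad-v2"))
        elif match.group(1).lower() in MULTI_TENANT_AUTHORITIES:
            findings.append((tp_id, "multi-tenant-metadata"))

        # 2. Secrets live in policy keys, never in the policy XML itself; the
        #    code flow also needs that key to redeem the authorization code.
        if "client_secret" in items:
            findings.append((tp_id, "inline-client-secret"))
        if "code" in items.get("response_types", "").split() and "client_secret" not in key_ids:
            findings.append((tp_id, "no-client-secret-key"))

        # 3. Capture oid and tid so the B2C account is bound to user and tenant.
        for claim in REQUIRED_PARTNER_CLAIMS:
            if claim not in partner_claims:
                findings.append((tp_id, f"missing-claim:{claim}"))
    return findings


if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("weak", WEAK_POLICY)):
        for tp_id, code in lint_claims_provider(policy) or [("-", "no findings")]:
            print(f"{name}: {tp_id}: {code}")
```

Run it against an exported TrustFrameworkExtensions.xml after replacing the constants, or keep it as a pre-deployment check in the policy repository; the good sample from the answer produces no findings, the weak variant reports all four classes.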
