如何使用主目录中的服务主体管理 Azure AD B2C

Question

We are running Azure AD B2C to authenticate users in our application. We also managed to codify almost everything with Terraform and are pretty happy with it. Now we are attempting to move these manifests under Azure Devops Pipelines and are stuck with access problems.

Azure Pipelines use a dedicated service principal in the main (non B2C) Active Directory to perform its operations. We granted this SP enough permissions within the target subscription to handle Terraform resources. But I cannot find any way to grant this SP any permissions on the B2C directory. I can invite users from the primary directory to the B2C, and it works fine, but SP is an application, not a user.

Is there any way to "invite" an application from the primary directory into the B2C directory?

Answer 1

Is there any way to "invite" an application from the primary directory into the B2C directory?

If your app registration support account types is Accounts in any organizational directory (Any Azure AD directory - Multitenant) , you would be able to add the same service principal in your Azure AD B2C Tenant

As you want to use the service principal in Azure Pipelines to handle Terraform resources, it is suggested to use separate service principals for Azure AD and Azure AD B2C as Authentication will be different for the service principal with multi-tenant account support type