[英]How can I manage Azure AD B2C with a service principal from the main directory
We are running Azure AD B2C to authenticate users in our application.我们正在运行 Azure AD B2C 来验证我们应用程序中的用户。 We also managed to codify almost everything with Terraform and are pretty happy with it.我们还设法用 Terraform 编纂了几乎所有内容,并且对此非常满意。 Now we are attempting to move these manifests under Azure Devops Pipelines and are stuck with access problems.现在我们正试图将这些清单移动到 Azure Devops 管道下,但遇到了访问问题。
Azure Pipelines use a dedicated service principal in the main (non B2C) Active Directory to perform its operations. Azure 管道使用主(非 B2C)Active Directory 中的专用服务主体来执行其操作。 We granted this SP enough permissions within the target subscription to handle Terraform resources.我们在目标订阅中授予此 SP 足够的权限来处理 Terraform 资源。 But I cannot find any way to grant this SP any permissions on the B2C directory.但是我找不到任何方法来授予此 SP 对 B2C 目录的任何权限。 I can invite users from the primary directory to the B2C, and it works fine, but SP is an application, not a user.我可以邀请用户从主目录到 B2C,它工作正常,但 SP 是一个应用程序,而不是一个用户。
Is there any way to "invite" an application from the primary directory into the B2C directory?有什么方法可以将主目录中的应用程序“邀请”到 B2C 目录中吗?
Is there any way to "invite" an application from the primary directory into the B2C directory?有什么方法可以将主目录中的应用程序“邀请”到 B2C 目录中吗?
If your app registration support account types is Accounts in any organizational directory (Any Azure AD directory - Multitenant) , you would be able to add the same service principal in your Azure AD B2C Tenant如果您的应用程序注册支持帐户类型是任何组织目录中的帐户(任何 Azure AD 目录 - 多租户) ,您将能够在 Azure AD B2C 租户中添加相同的服务主体
As you want to use the service principal in Azure Pipelines to handle Terraform resources, it is suggested to use separate service principals for Azure AD and Azure AD B2C as Authentication will be different for the service principal with multi-tenant account support type由于您希望使用 Azure 管道中的服务主体来处理 Terraform 资源,因此建议为 Azure AD 和 Azure AD B2C 使用单独的服务主体,因为具有多租户帐户支持类型的服务主体的身份验证将有所不同
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.