Azure AD B2C, Azure AD Tenants and ADFS

Question

I'm building a web portal where my customers can log in - pretty standard stuff.

Now I would like my customers to log into the portal by using their "own credentials". The optimal solution would be that users could use one of the following:

• Office 365

  If they have O365 then just sign in with their own credentials. This scenario is covered by the OOTB VS template

• On-premise ADFS

  If the customer has an on premise ADFS then they should be redirected to that to sign in. (I know this needs configuration for both parties, buts that's ok)

• None of the above

  The customer does not have any of the above and therefore need a "local account". In this case I would like to use Azure AD B2C to store the credentials.

I can do all of the above, but I have never tried to do it all together in one site.

Therefore, is it at all possible and how should I be constructed? And how would the login experience be?

I'm using OWIN.

Any advice would be helpful.

Thanks!

Answer 1

When you say "local". you mean in AAD?

Azure B2C allows non-federated (ie don't use ADFS) users to provision and then authenticate themselves.

However, such users are "outside" of the normal authentication flow and cannot use ADFS or have O365 licenses.

In terms of ADFS and O365, you need to set:

Convert-MsolDomainToFederated

as in Step-By-Step: Setting up AD FS and Enabling Single Sign-On to Office 365 .

Answer 2

In future Azure AD B2C will add the ability for users to login using their 'Work Accounts'. Those are the accounts used for O365. If the respective tenants have setup federation with Azure AD, ADFS federation will also work.

Meanwhile, the old work around for you to get it to work is to have your application 1. handle multiple tokens. [Azure AD, Azure AD B2C, ADFS or other federations] by implementing each federation to get the tokens. 2. implement the idp selection screen on the application and federate to appropriate party.