
Why is B2C the odd duck and in separate Azure Directory/Tenant?

Why does B2C "live" in its own Azure directory?

This seems to be the odd duck, no? Are there other Azure services this way? All of my other Azure resources live in the "default" directory.

[Screenshot: Change directory]

It might help in understanding this by understanding the purpose of B2C. The idea here is to support a consumer-facing application. For example, you might be building a consumer-facing application and people all over the world might access it. You might want to outsource the security piece of that application to Azure AD.

Instead of integrating the application with your corporate Azure AD tenant, you can create a different AD directory, a B2C directory, that simply stores consumer identities. In this case, the B2C AD is completely separate from your corporate / main AD.

We all know that one AAD tenant represents an organization. We can use AAD to manage users and resources for an organization. But AAD B2C is just a service for authentication/authorization of all the customers that rely on an application. It can integrate social accounts. AAD B2C cannot define those users as belonging to one organization.

However, AAD B2C still needs AAD to do authentication/authorization and manage users. In B2C, users are local accounts or social accounts. In AAD, users are cloud accounts or on-premises synced accounts.

For example, if we used the normal tenant also as a B2C tenant, the AAD authentication/authorization endpoint would be the same. In this situation, we cannot distinguish the kind of user. It would result in bad logic in the product.

To distinguish these two AADs, the B2C tenant must be separate.

Here is the clarification in the official documentation:

Azure AD and Azure AD B2C are separate product offerings and cannot coexist in the same tenant. An Azure AD tenant represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications. With custom policies (in public preview), Azure AD B2C can federate to Azure AD allowing authentication of employees in an organization.

Hope this helps!
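One way a relying party can act on the separation described above, as an added example that is not code from the answer or from Microsoft: check the issuer of an already signature-verified token against the two tenants' distinct issuer formats and the B2C policy claim, so employee and consumer users are never confused. The tenant ids and names are constructed placeholders; the issuer and `tfp` claim formats are those of v2.0 tokens as understood by the author of this example.

```python
import re

# Constructed placeholder tenants (not real): the corporate Azure AD tenant and the
# separate Azure AD B2C tenant that the answer above says must be kept apart.
CORP_TENANT_ID = "11111111-1111-1111-1111-111111111111"
B2C_TENANT_NAME = "contosoconsumers"
B2C_TENANT_ID = "22222222-2222-2222-2222-222222222222"

# Issuer (iss) formats of v2.0 tokens from each directory. Because the B2C tenant is
# separate, the two issuers differ and a relying party can tell the user kinds apart.
AAD_ISSUER = f"https://login.microsoftonline.com/{CORP_TENANT_ID}/v2.0"
B2C_ISSUER = f"https://{B2C_TENANT_NAME}.b2clogin.com/{B2C_TENANT_ID}/v2.0/"

# B2C user flows and custom policies are named B2C_1_* and B2C_1A_*; the policy that
# issued a token is carried in its tfp claim.
B2C_POLICY = re.compile(r"^B2C_1A?_[A-Za-z0-9_]+$")


def classify_token(claims: dict) -> str:
    """Decide which directory issued a token whose signature and audience were
    already verified by a JWT library.

    Returns "employee" for the corporate tenant and "consumer" for the B2C tenant,
    and raises ValueError for anything that does not clearly belong to either.
    """
    iss = claims.get("iss")
    if iss == AAD_ISSUER:
        if "tfp" in claims:
            # A corporate-tenant token should never carry a B2C policy claim.
            raise ValueError("tfp claim on a token from the corporate tenant")
        return "employee"
    if iss == B2C_ISSUER:
        policy = claims.get("tfp", "")
        if not B2C_POLICY.match(policy):
            raise ValueError(f"B2C token without a recognisable policy claim: {policy!r}")
        return "consumer"
    # Any other issuer (an unknown tenant, or a shared tenant that would mix both
    # user kinds behind one endpoint) is rejected rather than guessed at.
    raise ValueError(f"token issued by an untrusted directory: {iss!r}")


def is_consumer_policy(policy: str) -> bool:
    """True when the name looks like a B2C user flow or custom policy."""
    return B2C_POLICY.match(policy) is not None
```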
