
How can I manage Azure AD B2C with a service principal from the main directory

We are running Azure AD B2C to authenticate users in our application. We also managed to codify almost everything with Terraform and are pretty happy with it. Now we are attempting to move these manifests under Azure DevOps Pipelines and are stuck with access problems.

Azure Pipelines uses a dedicated service principal in the main (non-B2C) Active Directory to perform its operations. We granted this SP enough permissions within the target subscription to handle Terraform resources. But I cannot find any way to grant this SP any permissions on the B2C directory. I can invite users from the primary directory to the B2C directory, and it works fine, but the SP is an application, not a user.

Is there any way to "invite" an application from the primary directory into the B2C directory?

Is there any way to "invite" an application from the primary directory into the B2C directory?

If your app registration's supported account types setting is "Accounts in any organizational directory (Any Azure AD directory - Multitenant)", you would be able to add the same service principal in your Azure AD B2C tenant.

As you want to use the service principal in Azure Pipelines to handle Terraform resources, it is suggested to use separate service principals for Azure AD and Azure AD B2C, as authentication will be different for the service principal with the multi-tenant account support type.
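The separate-service-principal layout suggested in the answer, sketched as a Terraform provider configuration. This is an added example, not code from the question or the answer; it assumes a second app registration already exists in the B2C tenant with the permissions Terraform needs there, and every variable name, the `b2c` alias and the sample resource are hypothetical.

```hcl
# Added example. Variable names, the "b2c" alias and the resource are hypothetical.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread" }
  }
}

variable "main_tenant_id" { type = string }
variable "subscription_id" { type = string }
variable "main_client_id" { type = string }
variable "main_client_secret" {
  type      = string
  sensitive = true
}

variable "b2c_tenant_id" { type = string }
variable "b2c_client_id" { type = string }
variable "b2c_client_secret" {
  type      = string
  sensitive = true
}

# Service principal from the main directory: manages subscription resources only.
provider "azurerm" {
  features {}
  tenant_id       = var.main_tenant_id
  subscription_id = var.subscription_id
  client_id       = var.main_client_id
  client_secret   = var.main_client_secret
}

# Separate service principal registered in the B2C tenant: manages directory
# objects there and holds no rights in the main directory or the subscription.
provider "azuread" {
  alias         = "b2c"
  tenant_id     = var.b2c_tenant_id
  client_id     = var.b2c_client_id
  client_secret = var.b2c_client_secret
}

# Resources that live in the B2C directory select the aliased provider explicitly.
resource "azuread_application" "app" {
  provider     = azuread.b2c
  display_name = "example-b2c-app" # constructed sample value
}
```

Supply the two secrets as secret pipeline variables mapped to `TF_VAR_main_client_secret` and `TF_VAR_b2c_client_secret` rather than committing them, so that a leak of one credential does not expose the other tenant.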
