In this article we look at the benefits of Azure AD B2C, an identity-management service that lets an application sign in users with corporate accounts as well as social accounts. This article details provisioning an Azure AD B2C tenant; subsequent articles will walk through a sample application that uses Azure AD B2C for authentication and authorization.
The capabilities provided by Azure AD B2C can be summarized as follows:
- Identity as a Service: Azure hosts all the necessary components, so end users can register and sign in without the application running its own identity store.
- Business to Consumer: enterprise applications keep their users in an Azure AD directory; Azure AD B2C also has a directory of users, but it is targeted at consumers and other external users.
- Local or social account identities: external users can register and sign in with a local account (username or email plus password) or with a social identity provider such as Google or LinkedIn.
- Customization: the sign-up and sign-in UI can be branded and customized.
- Protocols supported: OpenID Connect, OAuth 2.0 and SAML.
- Scenarios where Azure AD B2C works well: web applications, mobile apps and web APIs.
- Where Azure AD B2C does not work: web API chains, i.e. one web API calling another secured API on the user's behalf (the on-behalf-of flow).
In the following section we look at setting up an Azure AD B2C tenant. A tenant represents an organization and contains a directory of users. It is separate from the Azure AD tenant we get access to by default once signed in to Azure.
Let us take a brief tour of what Azure AD tenancy looks like from within the Azure Portal.
Manage tenants lets us switch between the different tenants (directories) our account belongs to.
From the above it is clear that an Azure AD B2C tenant is separate from the Azure AD tenant. There therefore has to be a way of linking the two: the B2C tenant is linked to an Azure subscription, which is what allows it to be billed and managed as an Azure resource, while under the hood the user accounts are still managed by the Azure AD directory service.
In the next section we look at the steps involved in setting up an Azure AD B2C tenant:
- On the Azure Portal home page navigate to "Subscriptions".
- The next screen lists the available subscriptions. Click the subscription, go to Resource providers, and register Microsoft.AzureActiveDirectory.
- Once the Microsoft.AzureActiveDirectory resource provider shows as Registered, create a resource by searching for Azure Active Directory B2C.
- Creating an Azure AD B2C tenant and linking it to an existing Azure subscription appear as two options on one page; the first step is to create the tenant.
- Enter the initial domain name (the tenant becomes <name>.onmicrosoft.com; the prefix must be globally unique and cannot be changed later) together with the organization name and country/region, then Review + create. The account performing this step becomes the first Global Administrator of the new tenant.
- Once the Azure AD B2C tenant is created, the next step is to link it to the current Azure subscription: choose Azure Active Directory B2C, click Create, and this time choose the option to link an existing Azure AD B2C tenant to a subscription.
- Once successful, the link to the subscription is reflected on the created Azure AD B2C tenant's information page, and the tenant also appears as a resource in the subscription.
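The same steps can be scripted instead of clicked through the portal. The script below is an added example, not code from the original article: it validates the initial domain prefix up front (an Azure AD tenant cannot be renamed once created), registers the resource provider and waits for it to reach Registered, then deploys a Microsoft.AzureActiveDirectory/b2cDirectories resource with an ARM template, which creates the tenant and links it to the subscription that owns the resource group in a single step. The resource-group name rg-identity, the region eastus, the tenant prefix and display name, and the apiVersion 2021-04-01 are assumptions to adjust before use.

```shell
#!/usr/bin/env bash
# Added example (not the article's own code): scripted equivalent of the
# portal steps for provisioning and linking an Azure AD B2C tenant.
# Assumptions: an existing `az login` session, resource group rg-identity in
# eastus, and apiVersion 2021-04-01 for b2cDirectories. Adjust as needed.
set -eu

# Azure AD initial domain prefixes (the part before .onmicrosoft.com) may only
# contain letters and digits. Reject bad input before any API call, because a
# tenant's initial domain cannot be changed after creation.
validate_tenant_prefix() {
  case "$1" in
    ''|*[!A-Za-z0-9]*) return 1 ;;
  esac
  return 0
}

# Render the ARM template that creates the B2C directory. Deploying it into a
# resource group is what links the tenant to that subscription.
# location must be one of the B2C data-residency values, e.g. "United States".
render_b2c_template() {
  prefix="$1"; display_name="$2"; country="$3"; location="$4"
  validate_tenant_prefix "$prefix" || { echo "invalid tenant prefix: $prefix" >&2; return 1; }
  cat <<EOF
{
  "\$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.AzureActiveDirectory/b2cDirectories",
      "apiVersion": "2021-04-01",
      "name": "${prefix}.onmicrosoft.com",
      "location": "${location}",
      "sku": { "name": "Standard", "tier": "A0" },
      "properties": {
        "createTenantProperties": {
          "displayName": "${display_name}",
          "countryCode": "${country}"
        }
      }
    }
  ]
}
EOF
}

# Run the portal steps with the Azure CLI against the currently selected
# subscription. Requires rights to register providers and deploy to the group.
provision_b2c() {
  prefix="$1"; display_name="$2"; country="${3:-US}"; location="${4:-United States}"
  rg="${B2C_RESOURCE_GROUP:-rg-identity}"        # assumed resource-group name
  rg_location="${B2C_RG_LOCATION:-eastus}"       # assumed region for the group

  # Step 1: register the resource provider (idempotent) and wait for Registered.
  az provider register --namespace Microsoft.AzureActiveDirectory
  until [ "$(az provider show --namespace Microsoft.AzureActiveDirectory \
              --query registrationState -o tsv)" = "Registered" ]; do
    sleep 5
  done

  # Steps 2 and 3: create the tenant and link it to this subscription.
  az group create --name "$rg" --location "$rg_location" --output none
  tmpl="$(mktemp)"
  render_b2c_template "$prefix" "$display_name" "$country" "$location" > "$tmpl"
  az deployment group create --resource-group "$rg" --template-file "$tmpl"
  rm -f "$tmpl"

  # Step 4: confirm the linked tenant now shows up as a resource in the subscription.
  az resource list --resource-type Microsoft.AzureActiveDirectory/b2cDirectories \
    --query "[?name=='${prefix}.onmicrosoft.com'].{name:name,resourceGroup:resourceGroup}" \
    -o table
}

# Only talk to Azure when explicitly asked, e.g.:
#   B2C_APPLY=yes ./provision_b2c.sh contosob2c "Contoso B2C" US "United States"
if [ "${B2C_APPLY:-no}" = "yes" ]; then
  provision_b2c "$@"
fi
```

The template route is worth knowing even if the tenant was created in the portal: the account that runs the deployment ends up as Global Administrator of the new tenant, so run it from an identity you intend to keep as the break-glass owner, and check the az resource list output afterwards to confirm the link landed in the subscription you expected.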
This completes the walkthrough of setting up an Azure AD B2C tenant. In the next article we will look at the features of Azure AD B2C in the context of providing IAM capabilities to users.