Azure B2B and B2C explained

Nawaz Haque
3 min read · Sep 17, 2019

There are a plethora of IAM solutions available in the market. To name a few: Microsoft Azure AD, Okta, Ping, ForgeRock, etc. Recently I got a chance to explore Azure AD B2B and B2C. Let’s identify how to pick the right solution based on the use-cases, and how Azure AD works inside an organization.

Azure AD

In simple terms, Azure AD is the cloud counterpart of Active Directory.

Azure AD B2B

Azure AD B2B, as the name suggests, caters to IAM needs for Business to Business scenarios. It is one of the Azure AD functionalities.

Let’s take a use-case. For instance, Company A is launching an internal web portal and wants its partner organizations to collaborate on the same portal. Company A maintains all its employees’ credentials in the corporate Active Directory, which is an on-premises AD. It uses LDAP to look up the directory and authenticate internal users. But how do we provide seamless integration for partner users while keeping all the security and authentication checks in place?

Azure B2B Implementation

Here comes the Azure AD B2B feature. To set up this feature, the following steps are required:

1. Sync the on-premises AD to Azure AD. This is done by the Azure AD Connect tool.

2. Go to the Azure AD B2B admin console. This is used to invite the partner organization’s users.

3. It can happen that the partner user is already present in the partner organization’s Azure AD. In that case Azure AD just creates a stub user entry in Company A’s Azure AD and allows the partner user to collaborate. What if the partner user does not have a Microsoft account? Or what if the partner company doesn’t use Azure AD? You are covered! The invitation sent from the Azure AD B2B console helps the user create a new Microsoft account within a few clicks. Now the user is all set to collaborate on Company A’s web portal.

Azure AD B2C

Azure AD B2C is another offering from Azure AD. It solves Business to Consumer IAM flows. Let’s jump into a real-life scenario.

Azure B2C Implementation

The same Company A now wants to launch an external website that will be consumed by public users. For this, Azure provides the B2C IAM feature. The cool part here is that the user may opt not to go through the tedious user enrollment or registration steps. They can simply use either a social media account or a Microsoft account to log in. All the magic happens behind the scenes. Thanks to Azure AD B2C!

The way it works: the Azure AD B2C console lets the company register its application as a tenant (by the way, this applies to the B2B solution too). All configuration and policies are defined inside the tenant. For our use-case, Company A will have the external website registered as a tenant in Azure B2C. Multiple identity providers can be configured within a few clicks; they can be social media accounts such as LinkedIn, Facebook or Twitter, or an internal customized data source. Once the identity provider configuration is completed, Azure B2C is ready: it internally uses OAuth or SAML to validate the user and provides a valid session.
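The session B2C hands back to the website is carried in a signed token, and the website still has to check that the token is the one it expects before trusting it. The added example below is not from the original post or from Microsoft; it shows the claim checks a B2C-backed web app should make on the ID token (issuer is our tenant, audience is our app, validity window, and the `tfp` claim naming the user flow that issued it). The tenant, client ID, user flow name and signing secret are constructed placeholders, and it signs with HS256 so it runs offline; a real B2C token is RS256 and is verified against the tenant's published JWKS keys.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this demo (hypothetical tenant, app and user flow).
TENANT_NAME = "contosob2c"
TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder tenant GUID
CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # placeholder app (client) ID
USER_FLOW = "B2C_1_signupsignin"  # the user flow (policy) this app expects
EXPECTED_ISS = f"https://{TENANT_NAME}.b2clogin.com/{TENANT_ID}/v2.0/"
DEMO_SECRET = b"demo-only-shared-secret"  # real B2C tokens: RS256 via JWKS

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Build an HS256 JWT shaped like a B2C ID token (demo signing only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def validate_b2c_id_token(token: str, now=None, secret: bytes = DEMO_SECRET) -> dict:
    """Return the claims if the token is one our app may trust, else raise."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("issuer is not our B2C tenant")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was issued for a different application")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("token expired or not yet valid")
    if claims.get("tfp") != USER_FLOW:
        raise ValueError("token came from an unexpected user flow")
    return claims
```

The `idp` claim in the returned claims tells the app which configured identity provider (for example a social login) the user actually signed in with.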

