IT:AD:Azure:B2C
Summary
Currently (Q2/2018) there is no way to create B2C using ARM templates 1).
Azure B2C is maybe easiest described in comparison to Azure AAD.
Azure AAD (AAD) is a directory service to serve the cloud identity management needs of organisations.
Cloud Applications and Services are registered within an organisation's Azure AAD Tenancy and secured against users registered in the same Tenancy.
Azure AD B2B is just a feature of Azure AAD, allowing organisation to federate their individual Azure AD tenancies – ie, invite and grant access to their Tenancy registered Applications and Services for users from other tenants.
Azure AD B2C is a different service with different functionality to Azure AD, although built on the same technology. Whereas Azure AD is targeted at the organisation Users, Azure AD is targeted at the organisation Consumers, providing the organizations a means to manage a access to customer applications using a directory service of customer identities – registered with e-mail ID or social providers like Google, FB, MSA.
- Advantages:
- Provides SSO across the customer's services. Customers only have to register once, via any Customer facing app, to access other Customer facing apps your organisation provides.
- If they sign in to App A, using Facebook, it creates an Principal entry in the Directory Service (DS), which can be used to sign right into App B, without requiring an on-boarding process.
- Highly Available
- Can authenticate Web and Mobile (Android, iOS) apps with:
- Social Accounts (FB, G, etc.)
- Enterprise Accounts (OIDC, SAML)
- Local Accounts (Username/Password) ← as a last resort.
- Can configure with Policies (BuiltIn, and Custom)
* Questions:
- Whether multiple IdPs (eg: Facebook and Google) can be associated to a Principal.
- Considerations:
- It is intended to secure Customer facing applications for Customers.
- Unclear if it can/should also be used to secure Org Users to Customer facing apps – or use Azure AD.
- Disadvantages:
- …