dotnetstep

Reputation: 17485

Authenticate Azure AD User Using Azure B2C

First of all let me explain the scenario.


  1. I have an Azure B2C tenant. My application's authentication and authorization are configured using Azure B2C.

  2. Now there is a business-related requirement in which an external Azure Active Directory user needs to be added to Azure B2C and at the same time get authenticated using the external Azure AD.

Is this a valid scenario and is this possible?

Update

Let me give some more insight and an example.

  1. I have a B2C tenant named mytenantpoc.

  2. I am working in pocorganization; they have an Azure AD tenant and my user is there, like [email protected]. This is a work account.

  3. Now if I invite this [email protected] to the B2C tenant, it lands as an external Active Directory user, and if I assign some role it is also possible for that user to manage the Azure B2C tenant.

Now I am working on a Blazor application and it requires some authentication, so I have registered the application in B2C.

Problem: If I now try to log in with [email protected], it does not work.

What is working: If I create a new user in B2C then it works.

What I am looking for: I want to use the Azure AD user in B2C and have their authentication be performed.

Upvotes: 0

Views: 1593

Answers (3)

Jas Suri - MSFT

Reputation: 11335

You do not need to invite this account to your AAD B2C. Inviting an account only does what you stated, for the purpose of managing admin tasks in the Azure Portal for your B2C tenant.

You need to add Azure AD as a federated identity provider to your B2C user flow. That will allow users to log in from other AADs.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-custom-policy

If you want to restrict logins to specific accounts from another AAD, then you want to apply some sort of RBAC solution or attribute based RBAC.

https://github.com/azure-ad-b2c/samples/blob/master/policies/relying-party-rbac

Upvotes: 2

rbrayb

Reputation: 46773

When you invite a user to B2C, they become an admin user, NOT a local user.

In this scenario, you need to use federation, i.e. add the Azure AD instance as an external provider.

Upvotes: 1

Luca Riccitelli

Reputation: 374

I think you can invite external AD users as guests on your tenant and then permit login to local accounts on your B2C.

Update: To permit local accounts you have to change the user flow (or custom policy if you are using that).

Upvotes: 0
