3

My Azure web application will have both internal and external users. The requirements regarding authentication are:

  • Internal users authenticate with their domain accounts (with SSO)
  • External users authenticate through Azure AD B2C (we need to create accounts for them)

How can I set up such a scenario?

Regards

George

1 Answer

2

If your internal users are using Azure AD - simple - you add your corporate AAD as an identity provider to your B2C. There are various ways to do this. So start here.

If your internal users do not have Microsoft 365 (Azure AD), and you only have on-premises AD DS infrastructure - ... move to the cloud, things will be so much easier. If not, you need at least ADFS, then you can hook up ADFS as an identity provider in your B2C.

There is no way to use Windows Integrated Authentication and claims-based authentication at the same time for the app.

1 Comment

Same scenario for me - I have B2C for external users (some local users, some from a connected identity provider), and now the requirement is to allow existing internal users (who are in a separate Azure AD) to also log in to our app (React SPA) - but the owners of the internal users won't connect that AD to B2C as an identity provider - @astaykov is there any way to make this work with that identity provider connection? The only option I can think of is to do something horrible on the front end using MSAL to allow multiple sign in options, and configure 2 authentication schemes on the API.
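
The two-issuer API setup mentioned in the comment above, sketched as an added example (not code from the thread): each accepted issuer is pinned to its own signing key and audience, so a token from one tenant is never validated under the other's rules. The issuer URLs, audiences and locally generated keys are constructed placeholders; a real API would load each issuer's keys from its published OpenID Connect metadata.

```javascript
// Added example: constructed issuers, audiences and keys; not real tenant values.
const crypto = require("node:crypto");
const b64url = (x) => Buffer.from(x).toString("base64url");

// One profile per trusted issuer, each with its own key pair and expected audience.
// The private key is kept here only so the example can mint test tokens.
function makeIssuer(iss, aud, userType) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { iss, aud, userType, publicKey, privateKey };
}
const b2c = makeIssuer("https://b2c.example/tenant-b2c/v2.0/", "api-client-id-b2c", "external");
const corp = makeIssuer("https://login.example/tenant-corp/v2.0", "api-client-id-corp", "internal");
const trusted = new Map([b2c, corp].map((i) => [i.iss, i]));

// Test helper standing in for the identity provider: signs an RS256 JWT.
function sign(issuer, claims) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(`${head}.${body}`), issuer.privateKey);
  return `${head}.${body}.${sig.toString("base64url")}`;
}

// API-side check: iss is read only to select the profile; nothing is trusted
// until the signature verifies against that profile's key.
function validate(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return { ok: false, reason: "malformed" }; }
  if (header?.alg !== "RS256") return { ok: false, reason: "alg" };
  const profile = trusted.get(claims?.iss); // exact match, no prefix or wildcard
  if (!profile) return { ok: false, reason: "issuer" };
  const good = crypto.verify("sha256", Buffer.from(`${parts[0]}.${parts[1]}`),
    profile.publicKey, Buffer.from(parts[2], "base64url"));
  if (!good) return { ok: false, reason: "signature" };
  // Assumes a single string aud, as in this example's tokens.
  if (claims.aud !== profile.aud) return { ok: false, reason: "audience" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, userType: profile.userType, sub: claims.sub };
}
```

The `userType` returned by `validate` comes from the matched profile, not from a claim in the token, so the API's internal/external distinction cannot be set by the caller.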
