1
votes

We need to authenticate both corporate users and external users (partners, customers, third parties) into the same application. Corporate users will authenticate using Azure AD; I want them to have an SSO experience. For external users I was thinking of Azure AD B2C.

The application is built with ASP.NET MVC/Web API + AngularJS.

For the scenario described above, I understand I will need 2 different Azure AD tenants. I'm planning to use Microsoft's new authentication library, MSAL, but I can't find how to configure 2 tenants.

What is the recommended approach for logging in both corporate and external users?

Thanks in advance for any help!

1
There is good documentation on MSDN: msdn.microsoft.com/en-us/library/ff650307.aspx. Hope this helps. - Emil

Based on my understanding, the application for customers should be different from the one for enterprise users. Two applications are recommended for this scenario. You may share more detail about the scenario you were handling. - Fei Xue - MSFT

That may be true for Customers and Partners, but we have external third party resources that must work with the current app but are not part of the corporate AD. - Guillaume Morin

1 Answer

1
votes

At this time, you must treat Azure AD & B2C as two separate identity providers in your application. I've created a quick & dirty example of such dual integration in a web app here. In an AngularJS app, or in an app that uses MSAL, the integrations will be different. But the high-level pattern will be the same.

With this approach, you'll have to ask users which type of account they want to sign in with, so you know which provider to invoke.
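
The pattern described in this answer, sketched for an ASP.NET MVC app on the OWIN (Katana) OpenID Connect middleware. This is an added example, not the answerer's linked sample. The scheme names, client IDs, tenant and policy names, redirect URIs and the `accountType` parameter are placeholders or assumptions.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Hypothetical scheme names, one per identity provider.
    public const string Corporate = "AzureAD";
    public const string External = "AzureADB2C";

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        // Passive mode: neither provider reacts to a 401 unless it is challenged by name.
        // Each middleware validates tokens only against its own tenant's metadata.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = Corporate,
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = "<corporate-client-id>",                         // placeholder
            Authority = "https://login.microsoftonline.com/<corporate-tenant-id>/v2.0",
            RedirectUri = "https://localhost:44300/signin-corporate",   // placeholder, distinct per provider
            ResponseType = "id_token"
        });
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = External,
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = "<b2c-client-id>",                               // placeholder
            MetadataAddress = "https://<b2c-tenant>.b2clogin.com/<b2c-tenant>.onmicrosoft.com/<policy>/v2.0/.well-known/openid-configuration",
            RedirectUri = "https://localhost:44300/signin-external",    // placeholder, distinct per provider
            ResponseType = "id_token"
        });
    }
}

public class AccountController : Controller
{
    // accountType comes from the "which account?" choice; map it through a fixed allow-list
    // so that request input never becomes the authentication scheme name directly.
    public void SignIn(string accountType)
    {
        string scheme = accountType == "corporate" ? Startup.Corporate
                      : accountType == "external" ? Startup.External : null;
        if (scheme == null) { Response.StatusCode = 400; return; }
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" }, scheme);
    }
}
```

Both sign-ins end in the same application cookie, so authorization code that must tell corporate from external users should check the token's issuer claim instead of assuming one tenant.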