5 votes

I'm currently experimenting with Azure B2C and have created a tenant that is acting as a single identity server with 2 applications registered to it (on different domains).

The Azure B2C documentation suggests that it supports "Single sign-on (SSO) behavior across multiple apps".

The documentation gives the following as an example: "once a user signs into an application, Contoso Shopping, he or she can also seamlessly sign into another one, Contoso Pharmacy, upon accessing it."

Whilst researching the meaning of single sign-on I came across a question on StackExchange where an answer describes 2 meanings of the term "single sign-on":

(1) the user only has to provide credentials a single time per session, and then gains access to multiple services without having to sign in again during that session. But sometimes it's used to mean

(2) merely that the same credentials are used for multiple services; the user might have to login multiple times, but it's always the same credentials.

Can anyone tell me which of those 2 meanings is appropriate for Azure B2C? Does it or does it not provide/support "true single sign-on"?

Thanks in advance for your help


1 Answer

4 votes

It provides "true" single sign-on (case 1) and of course case 2 as well (that is the basis for case 1).

In a B2C policy, you can control the SSO experience per policy. In the "Token, session & SSO config" part you can configure the SSO behaviour:

[Screenshot: the policy's "Token, session & SSO config" settings]

As you can see, there is the possibility to limit the SSO to:

  • Tenant (every application in B2C)
  • Application (SSO through different policies on the same app)
  • Per policy
  • Disabled (No SSO)
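The same four options the answer lists are exposed in Azure AD B2C custom policies as the Scope attribute of the SingleSignOn element in the relying-party file. The fragment below is an added example, not code from the question, the answer or Microsoft's starter pack; the policy name SignUpOrSignIn, the PolicyProfile technical profile and the session values are assumptions chosen to illustrate the tenant-wide ("true SSO") setting.

```xml
<!-- Added example (not from the original post): custom-policy equivalent of the
     portal's "Token, session & SSO config" blade. Policy name, technical profile
     and session values are assumptions. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <UserJourneyBehaviors>
    <!-- Scope="Tenant": one sign-in at the B2C login domain covers every
         application registered in the tenant (Contoso Shopping -> Contoso
         Pharmacy without a second credential prompt). The other values map to
         the portal options listed in the answer:
           Application - SSO only between policies used by the same app
           Policy      - SSO only for repeat sign-ins through this one policy
           Suppressed  - the portal's "Disabled": credentials on every sign-in -->
    <SingleSignOn Scope="Tenant" KeepAliveInDays="0" />
    <!-- Rolling: each token request extends the B2C session;
         Absolute: fixed lifetime measured from the first sign-in. -->
    <SessionExpiryType>Rolling</SessionExpiryType>
    <!-- 86400 s (24 h) matches the B2C default; shorten it for apps whose
         data warrants re-authentication more often. -->
    <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
  </UserJourneyBehaviors>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
```

Two practical points for the scenario in the question. First, the two applications living on different domains does not matter: the SSO session is a cookie set on the B2C login domain (the tenant's b2clogin.com host), and both apps reach it through their authorize redirects, so only the Scope setting decides whether the second app is prompted. Second, to verify case-1 behaviour rather than trust the setting, sign in to the first app, then send the second app's OpenID Connect authorize request with prompt=none: a silent id_token response means the tenant-scoped session is being honoured, while an error=login_required (or interaction_required) response means the session is not shared, which is what you will see with Scope="Application" or "Suppressed".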