Our organization has an on-premises Active Directory. For a few of our applications we want to implement an authentication mechanism using Azure AD. The following are the requirements:

1) Organization users will be authenticated by Azure AD

2) External users will be authenticated by Azure AD B2C

3) Whenever an external user tries to access the application, the application will redirect the user to the B2C login page.

Can anyone help me with steps for the solution?

Also, are there any issues with implementing the security mechanism using Azure AD and B2C if the application resides in AWS?

2 Answers

0 votes

For your use case, B2C custom policies are a perfect fit. You can get started on custom policies at https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom

1) Organization users will be authenticated by Azure AD

You can integrate this in custom policies. Example: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom

2) External users will be authenticated by Azure AD B2C

Once you add custom policies, they will allow you to log in users from external networks / social IdPs.

3) Whenever an external user tries to access the application, the application will redirect the user to the B2C login page.

It's all about configuration. If you configure it properly, it will take you to the B2C login page. If you get stuck while integrating, drop a comment here.

Also, are there any issues with implementing the security mechanism using Azure AD and B2C if the application resides in AWS?

I don't think you will face challenges. Cloud redirects will happen and work fine with B2C too.

1 vote

For a specific sample of how to implement these custom policies, see the Woodgrove Groceries demo, which enables users to sign in with either:

  1. An "individual customer" account (i.e. a local account that is managed by Azure AD B2C, or a Google or Microsoft account that is federated with it); or

  2. A "business customer" account (i.e. an Azure AD account that is federated with Azure AD B2C); or

  3. A "partner" account that is a direct federation between the end-user application and Azure AD (where Azure AD B2C doesn't act as an intermediate federation).
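The part both answers leave as "configuration" is the application-side decision of where to send a given user: the first answer's requirement 3 (external users go to the B2C login page) and the three account types in the Woodgrove Groceries demo above. The following is an added example, not code from the question, either answer, or the Woodgrove demo. It performs home-realm discovery on the sign-in e-mail address, builds the OpenID Connect authorization request for the chosen issuer with a fresh state, nonce and PKCE challenge, and validates the state when the browser comes back to the app's callback. The tenant names, client IDs, policy name, redirect URI, domain lists and the `domain_hint` value are placeholders; the `domain_hint` assumes the B2C custom policy defines an Azure AD identity provider with a matching domain hint. Only the Python standard library is used, so it runs offline.

```python
# Added example (not from the question or either answer): home-realm
# discovery for an app that signs "partner" users in directly through
# Azure AD, "business customer" users through Azure AD B2C with the
# policy's Azure AD IdP pre-selected, and everyone else through the
# B2C policy's local/social sign-in. All tenant names, IDs, policy
# names and domains below are placeholders for the example.
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# --- placeholder settings (assumptions, not real tenants) ---
AAD_TENANT_ID = "contoso.onmicrosoft.com"
AAD_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
B2C_TENANT = "contosob2c"                      # <tenant>.b2clogin.com
B2C_CLIENT_ID = "22222222-2222-2222-2222-222222222222"
B2C_POLICY = "B2C_1A_signup_signin"            # custom policy name
REDIRECT_URI = "https://app.example.com/auth/callback"  # app hosted in AWS
PARTNER_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}   # direct Azure AD
BUSINESS_DOMAINS = {"fabrikam.com"}   # Azure AD federated *through* B2C
B2C_AAD_DOMAIN_HINT = "fabrikam.com"  # must match the IdP's domain hint in the policy

AAD_AUTHORIZE = f"https://login.microsoftonline.com/{AAD_TENANT_ID}/oauth2/v2.0/authorize"
B2C_AUTHORIZE = (f"https://{B2C_TENANT}.b2clogin.com/{B2C_TENANT}.onmicrosoft.com/"
                 f"{B2C_POLICY}/oauth2/v2.0/authorize")


def realm_for(email: str) -> str:
    """Return 'aad', 'b2c-business' or 'b2c' for the sign-in address."""
    domain = email.rsplit("@", 1)[-1].lower()
    if domain in PARTNER_DOMAINS:
        return "aad"
    if domain in BUSINESS_DOMAINS:
        return "b2c-business"
    return "b2c"


def pkce_pair():
    """RFC 7636 code_verifier and its S256 code_challenge."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_login_redirect(email: str, session: dict) -> str:
    """Build the authorization URL to redirect the browser to, and stash
    in the server-side session what the callback must verify later."""
    realm = realm_for(email)
    authority = AAD_AUTHORIZE if realm == "aad" else B2C_AUTHORIZE
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    verifier, challenge = pkce_pair()
    session.update({"state": state, "nonce": nonce,
                    "code_verifier": verifier, "realm": realm})
    params = {
        "client_id": AAD_CLIENT_ID if realm == "aad" else B2C_CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid offline_access",
        "state": state,                  # CSRF binding, checked on callback
        "nonce": nonce,                  # must be echoed in the ID token
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "login_hint": email,
    }
    if realm == "b2c-business":
        # Skip the B2C IdP picker and go straight to the federated Azure AD.
        params["domain_hint"] = B2C_AAD_DOMAIN_HINT
    return f"{authority}?{urlencode(params)}"


def check_callback(callback_url: str, session: dict) -> str:
    """Validate the redirect back from the IdP before exchanging the code.
    Returns the authorization code, or raises ValueError."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError(f"IdP returned error: {q['error'][0]}")
    state = q.get("state", [None])[0]
    if not state or not secrets.compare_digest(state, session.get("state", "")):
        raise ValueError("state mismatch: possible CSRF or stale login")
    code = q.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    session.pop("state")   # state is single-use
    return code


if __name__ == "__main__":
    s = {}
    print(build_login_redirect("bob@gmail.com", s))
    print(check_callback(f"{REDIRECT_URI}?code=abc&state={s['state']}", s))
```

The code exchange, ID-token signature check and nonce comparison that follow `check_callback` are the same whether the app runs in AWS or anywhere else: the IdP only needs the callback URL registered on the app registration, which is why hosting location does not matter for the redirect flow.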