I need to build a solution that utilizes Azure B2B Collaboration to on-board customers from different organizations to use my system.
Each customer may have 100s or 1000s of users, where some may have Azure AD and others don't.
The application will have a different user roles/groups structure that controls access to my APIs.
What is the best way to design this and can you provide references?
Option 1: Create a separate Azure AD for each customer
Each customer will have their own Azure AD and I can use Azure Groups to control access.
- What is the limit of Azure ADs per subscription? (can't find a definitive answer in MS docs) https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-service-limits-restrictions
- Is this a good "Azure" practice? Can you provide references?
- Any info about structuring/organizing this for easy maintenance.
- Any complications that I need to be aware of?
Option 2: Create a single Azure AD for all customers/users
All users for all customers will be added to a single Azure AD and, for user segregation, each customer's users belong to a separate Azure Security Group.
- In this scenario, I will probably need to maintain each customer's groups in a local database since they may have different groups.
- Any concerns from having all customers' users in the same directory?
Option 3: ???
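As an added illustration of the authorization step that Option 2 implies (this is example code, not part of the question above and not from any Microsoft library): when all customers share one directory and each customer is identified by its own security group, the API has to turn the `groups` claim of an already-validated token into exactly one customer plus a set of application roles, and must refuse callers whose groups map to no customer or to more than one. The group object ids, the customer names, the `GROUP_MAP` table and the `ROLE_PERMISSIONS` table are constructed placeholders standing in for the local database the question mentions; the token claims are likewise constructed and assume that signature, issuer, audience and expiry were already checked by the framework's JWT middleware.

```python
"""
Added example (not from the original question): authorization logic for an API
built on Option 2, where every customer's users live in one Azure AD, each
customer has its own security group, and the group-id -> (customer, role)
mapping is kept in the API's own database. Token claims used here are
CONSTRUCTED samples and are assumed to come from an already-validated token.
"""
from dataclasses import dataclass

# Hypothetical local mapping table (would live in the API's database).
# Keys are Azure AD group object ids (constructed placeholders); values are
# the customer that group belongs to and the application role it grants.
GROUP_MAP = {
    "11111111-aaaa-4000-8000-000000000001": ("contoso", "reader"),
    "11111111-aaaa-4000-8000-000000000002": ("contoso", "admin"),
    "22222222-bbbb-4000-8000-000000000001": ("fabrikam", "reader"),
}

# Which application role may perform which API operation (constructed).
ROLE_PERMISSIONS = {
    "reader": {"orders:read"},
    "admin": {"orders:read", "orders:write", "users:manage"},
}


@dataclass(frozen=True)
class Principal:
    object_id: str
    customer: str
    roles: frozenset


class AuthorizationError(Exception):
    pass


def resolve_principal(claims: dict) -> Principal:
    """Map the group claims of a validated token onto exactly one customer."""
    if "groups" not in claims:
        # When a user belongs to too many groups Azure AD omits the groups claim
        # and signals an overage instead; treat that as "cannot decide" rather
        # than silently granting nothing or everything.
        raise AuthorizationError("groups claim missing; overage lookup required")
    customers, roles = set(), set()
    for gid in claims["groups"]:
        entry = GROUP_MAP.get(gid)
        if entry is None:
            continue  # a group the API does not know about is simply ignored
        customer, role = entry
        customers.add(customer)
        roles.add(role)
    if not customers:
        raise AuthorizationError("user is not a member of any customer group")
    if len(customers) > 1:
        # One user mapped to two customers in a shared directory is exactly the
        # cross-customer exposure this design must prevent; refuse, don't guess.
        raise AuthorizationError(f"user maps to several customers: {sorted(customers)}")
    return Principal(claims["oid"], customers.pop(), frozenset(roles))


def authorize(claims: dict, customer: str, operation: str) -> Principal:
    """Require that the caller belongs to `customer` and holds a role allowing `operation`."""
    principal = resolve_principal(claims)
    if principal.customer != customer:
        raise AuthorizationError(f"{principal.object_id} is not a member of {customer}")
    allowed = set().union(*(ROLE_PERMISSIONS[r] for r in principal.roles))
    if operation not in allowed:
        raise AuthorizationError(f"roles {sorted(principal.roles)} cannot {operation}")
    return principal


def is_authorized(claims: dict, customer: str, operation: str) -> bool:
    """Boolean wrapper around authorize() for callers that only need a yes/no."""
    try:
        authorize(claims, customer, operation)
        return True
    except AuthorizationError:
        return False


# Constructed sample claims, as they would look after token validation.
CONTOSO_READER = {"oid": "u-001", "groups": ["11111111-aaaa-4000-8000-000000000001"]}
CONTOSO_ADMIN = {"oid": "u-002", "groups": ["11111111-aaaa-4000-8000-000000000001",
                                             "11111111-aaaa-4000-8000-000000000002"]}
MIXED = {"oid": "u-003", "groups": ["11111111-aaaa-4000-8000-000000000001",
                                     "22222222-bbbb-4000-8000-000000000001"]}
OVERAGE = {"oid": "u-004", "hasgroups": True}  # groups claim omitted by the issuer

if __name__ == "__main__":
    print(is_authorized(CONTOSO_READER, "contoso", "orders:read"))   # True
    print(is_authorized(CONTOSO_READER, "contoso", "orders:write"))  # False
    print(is_authorized(CONTOSO_READER, "fabrikam", "orders:read"))  # False
    print(is_authorized(CONTOSO_ADMIN, "contoso", "users:manage"))   # True
    print(is_authorized(MIXED, "contoso", "orders:read"))            # False
    print(is_authorized(OVERAGE, "contoso", "orders:read"))          # False
```

The two refusals worth noticing are the multi-customer case and the missing `groups` claim: in a shared directory a membership mistake made in the portal would otherwise become an authorization decision made by the API, so the code fails closed on both instead of picking a customer or defaulting to a role.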