
I am considering identity providers for my project, which supports OpenID Connect and Single Sign On, and the features below:

1 Role based access control

2 Offline Access

My questions are

1 Does B2C support RBAC and Offline Access?

2 What are the differences between B2C and AD V2, and their pros and cons? Why are there so many products from Azure that do similar things?

Any pointers would be very much appreciated!

Azure AD B2C - Role management

https://medium.com/the-new-control-plane/comparing-the-identity-providers-idps-that-i-use-f57aac756c70

Update

https://learn.microsoft.com/en-gb/azure/active-directory/develop/

Update 2

Regarding the RBAC using B2C,

1 Is there direct support from B2C, instead of using the link below, as of Feb 2019: Azure AD B2C - Role management?

2 If not in 1, what is the plan to implement RBAC in B2C?

Pingpong

1 Answer

Azure AD B2C is primarily an Authentication service and does not deal with Authorization (RBAC) 'directly'. But as the link you shared suggests, it is doable by making an Azure AD Graph call and getting group claims for the user.

More scenario details are needed on what you mean by "offline access". AADB2C has a refresh token mechanism which can be redeemed to get an access token, if that's your requirement.

Azure AD (V1/V2) is for an enterprise scenario (managing employees and other stakeholders of a company). Azure AD B2C is a consumer product (as the name suggests - Business to Consumer) which is used to manage customers of a company.

Hope that clarifies.

Update 2 answer

This might help for possible ways of AuthZ: http://stackoverflow.com/questions/53603535

As said already, AADB2C is primarily an Authentication service, so as of now there is no token-based support for group claims. No information about the road map.

Abhishek Agrawal
  • Thanks. Does Azure AD V2 support offline access? Or via the refresh token like B2C? – Pingpong Feb 02 '19 at 15:19
  • Yes. Azure AD V2 has refresh token support. You can use MSAL libraries for getting the token. Please accept the answer as well if it answers your question :). MSAL libraries can be used for AADB2C as well. – Abhishek Agrawal Feb 02 '19 at 16:13
  • Thanks, I wonder if you have information on Update 2 posted on OP. Sorry for not mentioning it at the beginning. – Pingpong Feb 02 '19 at 19:02
  • This might help for possible ways of AuthZ: https://stackoverflow.com/questions/53603535/authentication-vs-authorization/53606885#53606885 As said already, AADB2C is primarily an Authentication service, so as of now there is no token-based support for group claims. No information about the road map – Abhishek Agrawal Feb 02 '19 at 19:11
  • As Abhishek mentioned, the decision comes down to the identity types you're targeting and if you want a managed service to help you. Azure AD v2 signs in Azure AD users + Microsoft accounts and is really just an identity provider (like Google or Facebook). B2C can sign these in as well as local accounts, Google, Facebook, Amazon, etc. and is a managed service that helps with Auth across identity providers (and is highly extensible). – Daniel Dobalian Feb 04 '19 at 18:53
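
The approach described in the answer (the B2C token carries no group claim, so the application looks up the user's groups and derives roles itself), as an added example that is not code from the original posts or from Microsoft. `fetch_groups` is a hypothetical stand-in for the directory (Graph) lookup, the group and role names are constructed, and reading the user ID from an `oid` or `sub` claim of an already validated token is an assumption.

```python
import time
from typing import Callable, Dict, FrozenSet, Iterable, Tuple

# Constructed mapping from directory group names to application roles.
GROUP_TO_ROLES: Dict[str, FrozenSet[str]] = {
    "app-admins": frozenset({"admin", "editor", "reader"}),
    "app-editors": frozenset({"editor", "reader"}),
    "app-readers": frozenset({"reader"}),
}

class GroupRoleAuthorizer:
    """Derive roles from directory groups, since the token has no group claim."""

    def __init__(self, fetch_groups: Callable[[str], Iterable[str]],
                 ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        self.fetch_groups = fetch_groups  # hypothetical stand-in for the Graph call
        self.ttl = ttl_seconds            # bounds how long a removed group still grants access
        self.clock = clock
        self.cache: Dict[str, Tuple[float, FrozenSet[str]]] = {}

    def roles_for(self, claims: dict) -> FrozenSet[str]:
        # Assumption: claims come from a token whose signature, issuer,
        # audience and expiry were already validated elsewhere.
        user_id = claims.get("oid") or claims.get("sub")
        if not user_id:
            return frozenset()            # no stable identifier: no roles
        cached = self.cache.get(user_id)
        if cached and self.clock() < cached[0]:
            return cached[1]
        try:
            groups = list(self.fetch_groups(user_id))
        except Exception:
            return frozenset()            # fail closed; never reuse expired membership
        roles = frozenset().union(*(GROUP_TO_ROLES.get(g, frozenset()) for g in groups))
        self.cache[user_id] = (self.clock() + self.ttl, roles)
        return roles

    def is_allowed(self, claims: dict, required_role: str) -> bool:
        return required_role in self.roles_for(claims)  # unknown role: denied

# Constructed directory data standing in for a Graph response.
SAMPLE_DIRECTORY = {"user-1": ["app-editors"], "user-2": ["unrelated-group"]}

def sample_fetch(user_id: str) -> Iterable[str]:
    return SAMPLE_DIRECTORY[user_id]      # KeyError models a failed lookup
```

The TTL is the trade-off to tune: a longer value means fewer directory calls but a longer window in which a user removed from a group keeps the role.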