
I have 3 in-house developed multi-tenant web applications with distinct user stores and authentication mechanisms. We wish to support SSO across the applications using a single federated credential. I am looking at Azure AD B2C and wanted to check if others felt this would support this scenario?

I would prefer not to replace the current user stores but instead link each application user record with a single Azure AD user record and then to SSO from Azure to each application and also between applications using this credential.

I am wondering the following: Will Azure B2C support this scenario? How to link the user records together? How to maintain the user record links? How to support SSO across applications?

Lastbuilders

Tony Ju
  • You're asking a lot of questions here. Could you please try to explain in detail how the user records are linked between your existing applications? – Thomas Jun 05 '19 at 09:27
  • @Thomas - Currently there is no cross application link for user records and is the crux of the problem I am looking to solve. Why SSO is required is because these are enterprise applications where clients may use more than one. In this case currently their users need to use different credentials for each. We need to make this more usable by supporting SSO across the applications. For Azure AD B2C I believe this may be possible with Custom policies where a user creates a B2C user and then links to the application user record(s). – Lastbuilders Jun 05 '19 at 12:24
  • Have you seen this article: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-user-migration ? It may be a good start for your approach – Thomas Jun 05 '19 at 19:35
  • @Thomas - Thanks for the link. I have reviewed this and also a few videos showing some examples of migrations. I can see how migrations are useful if you wish to move to Azure AD B2C as your ID provider for a single application but am struggling to see how we link accounts from multiple applications together and then support SSO between them? This here looks promising but I am hoping there is a more standard approach now to do this in Azure B2C. https://stackoverflow.com/questions/6666267/architecture-for-merging-multiple-user-accounts-together – Lastbuilders Jun 06 '19 at 15:50
  • So do users use the same login (maybe not password) on all the apps, or can't you assume that? – Thomas Jun 06 '19 at 19:58
  • @Thomas - I can't assume that. The username may be different in each app so we wish to link these user identities across applications and then once that link is done SSO between the applications. – Lastbuilders Jun 07 '19 at 10:50

0 Answers