
I'm trying to figure out the best way to replicate an LDAP sync or a tool like Azure AD connect but for multiple Azure AD tenants to a single Azure AD B2C tenant. When a user is created in an Azure AD tenant it needs to sync over to the Azure AD B2C tenant. I need the user to exist in the B2C tenant before that user ever tries to login so I can't just point to the Azure AD tenant as the IDP. This is because not all of the users of the AD tenants will login but we will want to show the admin of that tenant all the users.

I've reached out to Microsoft's Azure architects but haven't gotten much feedback on the best approach. Looking for any examples or documentation on the best way to achieve this.

Beastwood

1 Answer


One way would be to develop a SCIM service that provides an endpoint for Azure AD to connect to.

The SCIM service would then call the Graph API to perform the user CRUD in B2C.

This is because B2C has no native SCIM support.

There is a Microsoft sample for the service that you could use. Described here.

rbrayb
  • Thanks for the quick response. I was looking into the GitHub example and I noticed it required the TokenIssuer (https://sts.windows.net//). There are going to be hundreds or maybe thousands of Azure AD tenants syncing. Does this approach scale to support multiple tenants? – Beastwood Dec 09 '21 at 18:11
  • I think I found the answer to my comment above: https://stackoverflow.com/questions/64323360/how-to-support-multiple-tenants-and-secret-tokens-in-azure-ad-scim-provisioning – Beastwood Dec 13 '21 at 18:12
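An added example (not the Microsoft sample the answer links to, and not code from either poster) of the two translation steps the answer describes, in Python: resolving which source tenant a provisioning request comes from via the token issuer discussed in the comments, and mapping a SCIM User to the Microsoft Graph body that creates the matching account in the B2C tenant. The tenant ids, tenant registry, sample SCIM user and B2C domain are all constructed.

```python
import secrets
from typing import Optional

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
AAD_ISSUER_PREFIX = "https://sts.windows.net/"
# Constructed registry of source Azure AD tenants allowed to provision into B2C (tenant id -> name).
TENANT_REGISTRY = {"11111111-1111-1111-1111-111111111111": "contoso",
                   "22222222-2222-2222-2222-222222222222": "fabrikam"}

# Constructed SCIM 2.0 User, shaped like what Azure AD provisioning POSTs to the /Users endpoint.
SAMPLE_SCIM_USER = {
    "schemas": [SCIM_USER_SCHEMA],
    "userName": "alice@contoso.com",
    "displayName": "Alice Liddell",
    "name": {"givenName": "Alice", "familyName": "Liddell"},
    "emails": [{"primary": True, "type": "work", "value": "alice@contoso.com"}],
    "active": True,
}

def tenant_from_issuer(iss: str) -> Optional[str]:
    """Resolve the source tenant from a provisioning token's 'iss' claim. Azure AD issues it as
    https://sts.windows.net/<tenantId>/, so one SCIM endpoint serves many tenants by looking the
    id up rather than hard-coding one. JWT signature/expiry checks are assumed to have run already."""
    if not (iss.startswith(AAD_ISSUER_PREFIX) and iss.endswith("/")):
        return None
    tenant_id = iss[len(AAD_ISSUER_PREFIX):-1]
    return tenant_id if tenant_id in TENANT_REGISTRY else None

def scim_user_to_graph(scim_user: dict, b2c_domain: str) -> dict:
    """Translate a SCIM core User into the body for Microsoft Graph POST /users in the B2C tenant.
    The result is a local account keyed on the user's e-mail, so it exists in the directory (and in
    the tenant admin's user list) before that user ever signs in."""
    if SCIM_USER_SCHEMA not in scim_user.get("schemas", []):
        raise ValueError("not a SCIM core User resource")
    user_name = scim_user.get("userName")
    if not user_name:
        raise ValueError("userName is required")
    name = scim_user.get("name", {})
    primary = next((e["value"] for e in scim_user.get("emails", []) if e.get("primary")), user_name)
    return {
        "accountEnabled": bool(scim_user.get("active", True)),
        "displayName": scim_user.get("displayName") or user_name,
        "givenName": name.get("givenName"),
        "surname": name.get("familyName"),
        "identities": [{"signInType": "emailAddress", "issuer": b2c_domain, "issuerAssignedId": primary}],
        # A local account needs a passwordProfile; a random, never-shared value is enough here.
        "passwordProfile": {"password": secrets.token_urlsafe(24), "forceChangePasswordNextSignIn": False},
        "passwordPolicies": "DisablePasswordExpiration",
    }
```

An issuer with an empty tenant id (the `https://sts.windows.net//` form from the comment) resolves to no tenant, so requests are only accepted from tenants explicitly registered.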