
I want to deploy an application on Azure. I want users to be able to authenticate in my app without a Microsoft account. This guided me to use the AAD-B2C service. I followed the tutorial shown here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant expecting that this will create a new AAD-B2C Directory in my existing Directory and tenant. I had in my mind something like the following tree:

Subscription: Pay-As-You-Go

Directory: Default

Resource Group: Default-EU

Tenants: Default, Application

User Pools: Default(Internal Users), Application(External Users)

I'm not sure I understand how this works and I'm very confused. Is it possible to use external sign-ins from users that don't have a Microsoft account without creating 2 tenants and 2 directories under my subscription?

Fotios Tragopoulos
  • https://stackoverflow.com/a/51628754/7156345 – Laxman Gite Feb 19 '22 at 17:20
  • Please read this for a better explanation. – Laxman Gite Feb 19 '22 at 17:22
  • You seem to be confusing the terms directory and tenant there. With Azure AD, directory and tenant mean the same thing. You can't have a tenant under another tenant. They exist in parallel to each other. AAD B2C is a special AAD tenant with features more suited for B2C applications. – juunas Feb 19 '22 at 19:07
  • @LaxmanGite, this is a great explanation. My company name is Contoso and the B2C App name is CoreApp. When I create a B2C Directory it creates a new tenant with the name of the directory, which is the name of the AADB2C directory, in this case CoreAppDirectory. Where should I deploy CoreApp? In the Contoso Tenant or in CoreAppDirectory? Is there any guide showing how to structure a company's projects in Azure? – Fotios Tragopoulos Feb 20 '22 at 09:29
  • Should I deploy the app that will use the ADB2C feature in the company's tenant or in the ADB2C tenant? Does it make any difference? – Fotios Tragopoulos Feb 20 '22 at 09:51
  • Also, when creating an ADB2C it asks for a resource group. Should I select a resource group in the Contoso Tenant, or should I create a new resource group in the CoreApp tenant and deploy it there? – Fotios Tragopoulos Feb 20 '22 at 10:04
  • Me too, I am very **confused**. To me, a developer like many others, the thing we normally care about is how to utilize 3rd-party authentication for our external-facing app to avoid the headache it, and most external users don't even want to register/sign up either. MS has been brilliant at simplifying things, but they make this rocket science. You have to understand so many terms, and some explanations are inter-circular. The more confusing part is that once I created a B2C tenant and linked it to my subscription, it shows up in `Default Directory`, not the Directory auto-created under this tenant's name. – Jeb50 Apr 13 '22 at 17:29

2 Answers

When you create a B2C tenant, there are two completely different entities that get created - B2C Tenant Resource and B2C Tenant/Directory itself.

The B2C Tenant Resource gets created in the subscription linked to your standard Azure AD tenant (Default Directory e.g., contosocorp.onmicrosoft.com) you used to create the B2C tenant from. This resource is primarily used to change your Azure AD B2C tenant's pricing tier.

A separate tenant for your B2C directory gets created (e.g. contosob2c.onmicrosoft.com). This is an independent tenant/directory from your Default Directory and is not stored in the default tenant.

The way a subscription is linked to a standard Azure AD tenant is different from the B2C tenant. A subscription in B2C is required for Support, Billing, Custom Policies, and using the Identity Experience Framework. You cannot create resources such as a Static Web App, Function App, or Cosmos DB in the B2C tenant; you will have to use your Default Directory for this purpose.

Fotios Tragopoulos

Azure AD B2C is different from Azure AD. So, when you create Azure AD B2C, it creates another tenant.

You need to create the Azure AD B2C Tenant in the same subscription in which your application is deployed.

Create an App Registration in your Azure AD B2C Tenant.

Go to your web application and select Authentication. You can add your app registration details in the identity provider.

Reference: Azure App Service Authentication (Ez Auth) with Azure AD B2C - DEV Community

RamaraoAdapa
  • Where should Azure AD B2C be deployed: in the old tenant (the company tenant) or in the one created in the process? In which tenant should I deploy the registered app, in the new tenant or in the previous one? – Fotios Tragopoulos Feb 21 '22 at 11:38
  • You need to create the app registration in the new tenant. – RamaraoAdapa Feb 21 '22 at 11:39
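What "create the app registration in the new tenant" means for the application itself, as an added example that is not part of either answer: the tokens your app receives are issued by the B2C tenant, so the app must accept only that tenant's issuer, its own B2C client ID and the user flows it expects, and reject tokens that come from the corporate Default Directory even when a resource for the B2C tenant lives in the same subscription. Every tenant name, tenant ID, client ID and policy name below is a constructed placeholder, and the B2C issuer URL format is an assumption.

```python
# Added example, not code from the question or the answers. Checks the claims of an
# already signature-verified token payload (e.g. what App Service Authentication hands
# to the app) against the B2C tenant in which the app registration was created.
from dataclasses import dataclass


@dataclass(frozen=True)
class B2CTrust:
    tenant_name: str             # constructed, e.g. "contosob2c" -> contosob2c.onmicrosoft.com
    tenant_id: str               # constructed directory (tenant) id of the B2C tenant
    client_id: str               # constructed client id of the app registration in the B2C tenant
    allowed_policies: frozenset  # user flows the app accepts (the "tfp" claim)

    @property
    def issuer(self) -> str:
        # Assumed B2C issuer format: the b2clogin.com host of the B2C tenant, not
        # login.microsoftonline.com of the Default Directory.
        return f"https://{self.tenant_name}.b2clogin.com/{self.tenant_id}/v2.0/"


def check_b2c_claims(claims: dict, trust: B2CTrust, now: int) -> list:
    """Return the list of problems found; an empty list means the token is acceptable."""
    problems = []
    if claims.get("iss") != trust.issuer:
        problems.append(f"issuer {claims.get('iss')!r} is not the B2C tenant issuer")
    if claims.get("aud") != trust.client_id:
        problems.append("audience is not the B2C app registration client id")
    if claims.get("tfp") not in trust.allowed_policies:
        problems.append(f"user flow {claims.get('tfp')!r} is not one the app accepts")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    return problems


# Constructed placeholders; replace with the values of your own B2C tenant and app registration.
TRUST = B2CTrust("contosob2c", "11111111-2222-3333-4444-555555555555",
                 "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", frozenset({"B2C_1_signupsignin"}))
NOW = 1_700_000_000

# Constructed payloads: one issued by the B2C tenant, one issued by the corporate Default Directory.
B2C_PAYLOAD = {"iss": TRUST.issuer, "aud": TRUST.client_id, "tfp": "B2C_1_signupsignin", "exp": NOW + 3600}
CORP_PAYLOAD = {"iss": "https://login.microsoftonline.com/99999999-8888-7777-6666-555555555555/v2.0",
                "aud": TRUST.client_id, "exp": NOW + 3600}

if __name__ == "__main__":
    print("B2C token:", check_b2c_claims(B2C_PAYLOAD, TRUST, NOW) or "accepted")
    print("Corporate token:", check_b2c_claims(CORP_PAYLOAD, TRUST, NOW))
```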