Azure Active Directory B2C deployment via resource manager (or code)

Our company is considering using AAD B2C as the backing store for our SaaS user accounts. Our plan is use Resource Manager templates to deploy the Azure infrastructure (web, storage, sql, etc) for each client. AAD B2C will be part of that if this works out, but as of now there doesn't appear to be a way to include AAD B2C in resource manager templates.

My view of the intent of the B2C product is that it serves as a replacement for the auth and user store components of an app, and should therefore be considered infrastructure. Right now the hierarchy between AAD and resource groups in the new azure portal doesn't reflect that - resource groups (and their resources) appear 'under' an identity in an AAD account. But why is that? Is an AAD a parent to a resource group? I'm trying to understand how the two fit together.

If AAD B2C is really intended to serve this purpose when it leaves preview, it will need to support automation. After a quick search I can't even find code samples to provision a new directory, let alone do so using Resource Manager templates.

Am I looking at this all wrong?

Josh asked Oct 27 '15 23:10



1 Answer

Currently there is no way to automate the creation of an AAD B2C tenant, just as there is no way to automate the creation of an AAD tenant.

After you have created a tenant you can access it programmatically via the Graph API. You can read more about this in the documentation: https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/.

The first paragraph of this documentation mentions the following:

Azure Active Directory (Azure AD) B2C tenants tend to be very large. This means that many common tenant management tasks need to be performed programmatically. A primary example is user management. You might need to migrate an existing user store to a B2C tenant. You may want to host user registration on your own page and create user accounts in Azure AD behind the scenes. These types of tasks require the ability to create, read, update, and delete user accounts. You can do these tasks by using the Azure AD Graph API.

Caution: at the time of writing this is still in preview, so the API can change at any time and you have no SLA.

For the latest status about which Azure services support ARM you can read this page: https://azure.microsoft.com/en-us/documentation/articles/resource-manager-supported-services/

Wessel Kranenborg answered Oct 17 '22 09:10

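As an added example (not part of the question or the answer above), this is what the user-provisioning step the answer points to looks like against the legacy Azure AD Graph API (api-version=1.6) described in the linked quickstart: the tenant itself must already exist, and an application registered in that tenant with directory write permission supplies the bearer token. The tenant name, token and user values are hypothetical, and the `opener` parameter exists only so the call can be exercised offline.

```python
import json
import urllib.error
import urllib.request

GRAPH = "https://graph.windows.net"  # legacy Azure AD Graph endpoint the answer refers to


def local_account_payload(email, display_name, password):
    """Graph API (api-version=1.6) body for a B2C local account.

    signInNames plus creationType=LocalAccount is what makes this a consumer
    account that signs in with an e-mail address rather than a normal AAD user.
    forceChangePasswordNextLogin=True is the safe choice for migrated users
    whose initial password was generated by the migration job.
    """
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",
        "displayName": display_name,
        "signInNames": [{"type": "emailAddress", "value": email}],
        "passwordProfile": {"password": password,
                            "forceChangePasswordNextLogin": True},
        "passwordPolicies": "DisablePasswordExpiration",
    }


def create_user(tenant, token, payload, opener=urllib.request.urlopen):
    """POST one user to the tenant's /users collection.

    `token` is a client-credentials bearer token for an app registered in the
    B2C tenant with write access to the directory; load it from a secret
    store, never from source. `opener` is injectable for offline testing.
    Returns (HTTP status, parsed JSON body); a 4xx from the service (e.g. a
    sign-in name that already exists) is returned rather than raised, so a
    bulk migration can log it and continue with the next account.
    """
    req = urllib.request.Request(
        f"{GRAPH}/{tenant}/users?api-version=1.6",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with opener(req) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")
```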