
Azure AD vs Azure AD B2C vs Azure AD B2B

Before Azure AD B2C and Azure AD B2B came into the picture, I usually added my applications to the Azure AD of our tenancy, and Office 365 users could access the applications using their account (SSO).

I am not a guru so I need to see code and read about exact examples to understand the concepts.

Can I use B2C for SSO as I usually used Azure AD? Otherwise, how/when can I use B2C and B2B?

Thanks and appreciate all kind of advice.

user217648 asked Sep 01 '16 12:09


People also ask

What is the difference between Azure AD B2B and B2C?

Microsoft Azure B2B's primary use is to enable collaboration with Microsoft 365 applications and authorise users, from partners to suppliers, regardless of the identity provider. Microsoft Azure B2C's primary use, by contrast, is to support customer transactions through customised applications.

What is difference between Azure AD and Azure AD B2C?

Azure AD is Microsoft's solution for managing employee access to SaaS apps and it has features designed for this purpose such as licensing and Conditional Access. Azure AD B2C provides an identity and access management platform for building web and mobile applications.

What is B2B and B2C Active Directory?

Azure AD – identity as a service provider for organization users, providing and controlling access to cloud resources. Azure AD B2B – a feature in Azure AD which allows cross-organization collaboration through authentication. Azure AD B2C – an independent service for building consumer application identity repository.

What is Azure AD B2B?

Azure Active Directory (Azure AD) B2B collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization.


2 Answers

Azure AD is a directory service with the goal of serving organisations and their needs for identity management in the cloud. You develop against Azure AD and can secure your applications with it - their users in Azure AD tenants can use it.

Your application is targeted for a specific organisation or multiple organisations using Azure AD (Office 365).

Azure AD B2B is just a feature of Azure AD. It allows organisations to grant access to their applications and services for users from other tenants. From your app's perspective nothing changes. It is still the same Azure AD app. Azure AD B2B has an API which can be used to create flows for the invitation of users from another directory, but it does not change your app design, etc.

Azure AD B2C is another service built on the same technology but not the same in functionality as Azure AD. Azure AD B2C's target is to build a directory for consumer applications where users can register with an e-mail ID or social providers like Google, FB, MSA, known as Federation Gateway. The goal for Azure AD B2C is to allow organizations to manage a single directory of customer identities shared among all applications, i.e. single sign-on.

Azure AD B2C is not targeted at organisation users but consumers.

03.2021 Update: Microsoft has introduced a new solution which merges B2B and B2C - it is called "External Identities".

What is "External Identity": It is a mechanism that allows you to have external users, self-registration for them and control over their process, within your Azure AD (corp) tenants.

Why it is a merge between Azure AD B2C and Azure AD - those are external users, like in B2C; they can use their own username / e-mail (not a corp domain) and self-register, but within an AAD Enterprise tenant. You can also extend authentication flows for External Identities with calls to external systems, similar to AAD B2C.

Let's talk about a scenario, an application for schools:

  • Internal users -> Azure AD, covers internal applications, employees etc. in the organization. The user is in Azure AD
  • External users, like guest teachers from another school, partners -> Azure AD B2B, guest user in Azure AD
  • External users, but not associated with any organization, e.g. parents who need access to students' grades in a particular application -> External Identities; they can self-register, they exist within the context of a specific app, and you can call an additional API to check, for example, if they match the record in CRM during registration
  • External users, open to the internet, e.g. art contest for pupils -> Azure AD B2C. Anyone can register; students, teachers and employees can access it through Azure AD.

Pricing update: There is a pricing update which affects Azure AD B2C and External Identities.

  • First - price is per monthly active user (MAU). MAU means someone logged on at least once during the billing period (month).
  • Second - the first 50k users in Azure AD B2C or External Identities are free. So the first 50k users in a month are free - the next are paid, so 60k active users within a month costs something like 16 USD.

Simple:

  • Azure AD - apps for organisations and their corporate users
  • Azure AD B2C - apps for customers, like mobile apps, shopping portals etc.

For quick reference I've gathered this in a blog post: https://www.predicagroup.com/blog/azure-ad-b2b-b2c-puzzled-out/

For an update on External Identities and a reference in video format, I've gathered it in this video: https://www.youtube.com/watch?v=E6S1yJKTB7c

Tomasz Onyszko answered Sep 28 '22 05:09
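
An added example, not part of the answer above and not Microsoft sample code: the answer's point that a B2B guest changes nothing for the app while B2C is a separate directory shows up in issuer validation, since a guest's token is still issued by your own Azure AD tenant and a B2C token by a different authority. The tenant IDs, B2C tenant name, policy name and claim sets are constructed, and the function assumes a JWT library has already verified signature, audience and expiry.

```python
# Constructed placeholder values; substitute your own tenants.
HOME_TID = "11111111-1111-1111-1111-111111111111"  # corporate Azure AD tenant
B2C_TID = "22222222-2222-2222-2222-222222222222"   # separate Azure AD B2C tenant
B2C_NAME = "contosob2c"                            # hypothetical B2C tenant name

AAD_ISSUER = f"https://login.microsoftonline.com/{HOME_TID}/v2.0"
B2C_ISSUER = f"https://{B2C_NAME}.b2clogin.com/{B2C_TID}/v2.0/"


def classify_identity(claims: dict) -> str:
    """Return 'member', 'b2b_guest' or 'b2c_consumer'; raise on anything else.

    Assumes a JWT library has already verified signature, audience and expiry.
    """
    iss = claims.get("iss", "")
    if iss == AAD_ISSUER:
        if claims.get("tid") != HOME_TID:
            raise ValueError("tid does not match the trusted tenant")
        # Assumption: a guest's token carries an 'idp' claim naming the home
        # identity provider; for members it is absent or equals the issuer.
        idp = claims.get("idp")
        return "b2b_guest" if idp and idp != iss else "member"
    if iss == B2C_ISSUER:
        # Assumption: the B2C tenant emits the user-flow name in 'tfp'.
        if not claims.get("tfp"):
            raise ValueError("B2C token without a policy claim")
        return "b2c_consumer"
    raise ValueError(f"untrusted issuer: {iss!r}")


# Constructed claim sets mirroring the school scenario in the answer.
SAMPLES = {
    "employee": {"iss": AAD_ISSUER, "tid": HOME_TID, "sub": "emp-1"},
    "guest teacher": {
        "iss": AAD_ISSUER, "tid": HOME_TID, "sub": "gst-1",
        "idp": "https://sts.windows.net/33333333-3333-3333-3333-333333333333/",
    },
    "contest entrant": {
        "iss": B2C_ISSUER, "sub": "con-1", "tfp": "B2C_1_signupsignin",
    },
    "other tenant": {
        "iss": "https://login.microsoftonline.com/44444444-4444-4444-4444-444444444444/v2.0",
        "tid": "44444444-4444-4444-4444-444444444444", "sub": "x",
    },
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        try:
            print(label, "->", classify_identity(claims))
        except ValueError as exc:
            print(label, "-> rejected:", exc)
```

The employee and the guest teacher pass the same issuer and `tid` check, which is why inviting B2B guests needs no change to the app's validation; accepting B2C users means trusting a second issuer explicitly.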


Here is the 'official' doc comparing B2B and B2C

Marc answered Sep 28 '22 04:09