I've seen that many people are confused about what we can do in an Azure AD B2C tenant and about the difference between a B2C tenant and a normal Azure AD tenant. The main questions are:
What's the difference between an Azure AD B2C tenant and a normal Azure AD tenant?
Since I can even use some other features in a B2C tenant, such as Azure AD Connect, or buying a new subscription in the B2C tenant and using it, should I use these features?
Why are these features available in the B2C tenant at all? Why not just use B2C in a normal Azure AD tenant?
Azure AD is Microsoft's solution for managing employee access to SaaS apps, and it has features designed for this purpose, such as licensing and Conditional Access. Azure AD B2C provides an identity and access management platform for building web and mobile applications.
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Before your applications can interact with Azure Active Directory B2C (Azure AD B2C), they must be registered in a tenant that you manage. You can create up to 20 tenants per subscription.
Azure Active Directory B2C (Azure AD B2C) is an identity management service that enables custom control of how your customers sign up, sign in, and manage their profiles when using your iOS, Android, .NET, single-page (SPA), and other applications.
An Azure AD B2C tenant exists only to use the Azure AD B2C feature. The Azure AD B2C feature (not the tenant) is just a resource, like a VM, in the normal Azure AD, and this feature requires you to switch to the B2C tenant to use it. We should not use other features that are unrelated to Azure AD B2C in a B2C tenant.
The most important difference is the management of users.
For a normal Azure AD, users' data is stored (not strictly) in "Users", which you can see on the Users blade of Azure Active Directory. However, for a B2C tenant, users' data is stored in both "Users" and the B2C extension app, which you can see in App registrations.
For a normal Azure AD, users are managed in one organization; these users are usually the employees of that organization. However, in a B2C tenant, the users are all customers who can access your B2C app.
For a normal Azure AD, users can be created by clicking the "New user" button, and this type of user is a Member of the tenant. You can also invite external users through Azure AD B2B, and this type of invited user is a Guest user. For a B2C tenant, all users are members of the tenant, but the user account types are local account and social account. Local accounts can be created by signing up or by using the Azure AD Graph API; they cannot be created by clicking "New user" as in a normal Azure AD. Social accounts can only be created by signing up.
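The difference in how the two tenant types represent a user is easiest to see in the objects themselves. The following is an added example, not code from the original post or from Microsoft: it builds the Microsoft Graph request bodies (Microsoft Graph is the successor of the Azure AD Graph API named above) for a normal Azure AD member user and for a B2C local account, derives the name under which B2C stores a custom attribute on the b2c-extensions-app, and checks whether a user object is a local account of a given B2C tenant. Nothing is sent over the network; all tenant names, IDs and attribute names are constructed sample values.

```python
"""Added example (not from the original post): construct and inspect the
user objects that distinguish a normal Azure AD member from an Azure AD B2C
local account. Only JSON payloads are built here; no Graph call is made.
Tenant names, client IDs and attribute names are constructed samples."""
import re


def aad_member_user(display_name: str, upn: str, password: str) -> dict:
    """Body for POST /users in a normal Azure AD tenant: an employee
    identified by a userPrincipalName in one of the tenant's domains."""
    return {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": upn.split("@")[0],
        "userPrincipalName": upn,
        "passwordProfile": {
            "forceChangePasswordNextSignIn": True,
            "password": password,
        },
    }


def b2c_local_account(display_name: str, tenant_name: str,
                      email: str, password: str) -> dict:
    """Body for POST /users in a B2C tenant. The customer's sign-in name
    lives in the 'identities' collection (signInType emailAddress, issuer =
    the tenant's onmicrosoft.com domain), not in a UPN, and password expiry
    is disabled because a customer cannot be pushed through an admin reset."""
    return {
        "displayName": display_name,
        "identities": [{
            "signInType": "emailAddress",
            "issuer": f"{tenant_name}.onmicrosoft.com",
            "issuerAssignedId": email,
        }],
        "passwordProfile": {
            "forceChangePasswordNextSignIn": False,
            "password": password,
        },
        "passwordPolicies": "DisablePasswordExpiration",
    }


def extension_attribute_name(extensions_app_client_id: str, attribute: str) -> str:
    """B2C stores a custom attribute on the user object as
    extension_<client id without dashes>_<name>, where the client id is the
    application (client) ID of the b2c-extensions-app in App registrations.
    This is why user data is visible under both Users and App registrations."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", attribute):
        raise ValueError("attribute name must be alphanumeric and start with a letter")
    return f"extension_{extensions_app_client_id.replace('-', '')}_{attribute}"


def is_b2c_local_account(user: dict, tenant_name: str) -> bool:
    """True only for a local account issued by this B2C tenant. A social
    account carries the external provider (signInType 'federated') as its
    issuer, so it is rejected here even though it is also a tenant member."""
    expected_issuer = f"{tenant_name}.onmicrosoft.com"
    return any(
        ident.get("signInType") in ("emailAddress", "userName")
        and ident.get("issuer") == expected_issuer
        for ident in user.get("identities", [])
    )


if __name__ == "__main__":
    # Constructed sample values, not real tenants or credentials.
    employee = aad_member_user("Sample Employee", "employee@contoso.example", "Sample-Pass-1")
    customer = b2c_local_account("Sample Customer", "contosob2c",
                                 "customer@example.com", "Sample-Pass-2")
    print("AAD member keyed by UPN:", employee["userPrincipalName"])
    print("B2C local account keyed by identity:", customer["identities"][0])
    print("Custom attribute stored as:",
          extension_attribute_name("11111111-2222-3333-4444-555555555555", "LoyaltyNumber"))
    print("Is B2C local account:", is_b2c_local_account(customer, "contosob2c"))
```

The point a defender should take from the shapes above: a B2C user has no meaningful userPrincipalName to filter or audit on, so reports and access reviews written against a normal Azure AD tenant (Member versus Guest, UPN domain) do not carry over; in B2C the distinction that matters is the issuer inside `identities`, which is the tenant domain for local accounts and the social provider for social accounts.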
Overall, a normal Azure AD tenant is employee-based, and the tenant represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications; everyone can sign up for the app and access it. Also, you can make an AAD tenant a social account identity provider for the B2C tenant with custom policies. You can refer to this documentation to achieve this.
The answer is NO, you shouldn't. Even though you can use these features in a B2C tenant, we don't support or suggest doing so, because you may run into too many issues when using these features, and the B2C tenant is not designed for them.
First, to separate employee-based users from customers, we need to distinguish them by tenant. Employee-based users should be managed strictly, within a controlled scope, but customers are public, and everyone can access your app resource.
Second, the authentication logic for 2C is different from 2B. B2C needs new identity endpoints, which differ from those of normal Azure AD. Also, a B2C tenant needs to use the custom Identity Experience Framework to achieve a friendlier user experience for customers. This is why we cannot use B2C in a normal Azure AD tenant.
Third, B2C users may number in the millions or more, while the count of AAD organization users should be much smaller. The backend engine of B2C is different from AAD's, so they run on different hardware.
However, the B2C tenant is built on top of normal Azure AD and may use other AAD-related features for management. That is why you can also see the same UI as normal Azure AD, and other features, in the B2C tenant.
Above all, you can consider Azure AD B2C just a feature that you need to switch directories to use. If you want to use other features, just go to a normal Azure Active Directory.
References:
What should we do in Azure AD B2C tenants?
Azure AD B2C: Frequently asked questions (FAQ)
Compare B2B collaboration and B2C in Azure Active Directory
The difference between Azure AD, Azure AD B2B, Azure AD B2C.
Azure AD B2C Password Reset