An overview of a B2C Application, its B2C tenant and federation to a single Azure AD tenant.
Under this scenario Contoso Azure AD has created an application that they wish to make available to Members and Guests (B2B) of their tenant as well as individual users that are outside their tenant.
- Identity Governance for B2C federated Consumers Accounts (Members and Guests) is controlled from the Contoso tenant.
- Identity Governance for individual users is controlled within the B2C directory.
- The Identity Experience Framework (within the B2C directory) defines the possible sign-up/sign in flows as well as the accepted federation configuration.
- Lastly, an IdP Access Token may be passed through from the Contoso AD tenant should delegated scopes for access back to the tenant be required.