B2C Federating to a Single Azure AD Tenant

An overview of a B2C Application, its B2C tenant and federation to a single Azure AD tenant.

High-Level Overview

Under this scenario Contoso Azure AD has created an application that they wish to make available to Members and Guests (B2B) of their tenant as well as individual users that are outside their tenant.

Identity Governance for B2C federated Consumers Accounts (Members and Guests) is controlled from the Contoso tenant.
Identity Governance for individual users is controlled within the B2C directory.
The Identity Experience Framework (within the B2C directory) defines the possible sign-up/sign in flows as well as the accepted federation configuration.
Lastly, an IdP Access Token may be passed through from the Contoso AD tenant should delegated scopes for access back to the tenant be required.

Twitter Facebook LinkedIn

The OAuth Token Flow and Token Theft

less than 1 minute read

Understanding the OAuth Token Flow and the risk of Token Theft.

Scoping Azure AD Roles with Administrative Units

less than 1 minute read

In Azure AD, an Administrative Unit is a collection of Users, Groups and Devices. These groupings provide a means to apply granular control in the assignment...

Granting Background App Services, Daemons and Scripts Delegated Permissions for Microsoft Graph

less than 1 minute read

Background services, daemons and scripts interacting with Microsoft Graph are commonly configured to acquire Application level permissions. Application admin...

Azure AD Group Writeback to On-Premises AD

less than 1 minute read

Using the Azure AD Connect Group Writeback feature to synchronise cloud groups to on-premises.

B2C Federating to a Single Azure AD Tenant

Chris Dymond

High-Level Overview

You May Also Enjoy

The OAuth Token Flow and Token Theft

Scoping Azure AD Roles with Administrative Units

Granting Background App Services, Daemons and Scripts Delegated Permissions for Microsoft Graph

Azure AD Group Writeback to On-Premises AD