In this post, I discuss the features of Azure Active Directory B2B (AAD B2B) and Azure Active Directory B2C (AAD B2C), the differences between them and when to use one vs the other.
In B2B, the B stands for Business. AAD B2B allows external organizations to connect to your apps. For instance, AAD B2B has features to automatically manage the user based on the user’s identity, offshore the management to the original organization from where the user’s identity comes from, or let the user self manage the account. Examples of what you can do with AAD B2B:
- Use Dynamic Groups to automatically assign a user to a group based on attributes such as the user’s email, userType, companyName etc …
- Allow a user to self manage the account or request access to applications via MyApps portal.
- Allow a user to sign in once to use applications which the user has access.
- Delegate access management to application and group owners. For example, you can register an application and grant a group access to the application. The group’s owner can add other users to the group. Effectively, you delegate the access management to the group’s owner who may belong to your organization or an external organization.
- Allow the host organization to enforce access policies for their own users to access the applications in your directory. Example of access policies:
- Trusted network access
- MFA enforcement
- Trusted device access
- View audit and report logs for a user.
In B2C, the C stands for consumers. With AAD B2C, you can federate to any identity providers which support standard protocols: Open ID Connect, OAuth, or SAML.
You define and customize the authentication and authorization process via policies.
Out of the box, AAD B2C provides built in policies for federating to popular social platforms including Facebook, LinkedIn, Google, Twitter etc … You can easily configure the built-in policies to customize the login page, the registration page, and specify additional attributes you want the user to provide during registration.