When you work with Azure Active Directory, you may hear the terms B2B and B2C quite often. In this article, let's have a look at what they mean.
Azure AD B2B
You may be working in an organization that receives many guest users throughout the year. Some may visit periodically (e.g. for auditing or for compliance certifications).
All such users may need access to some of your internal resources and applications, and their access rights will usually not be the same as those of regular employees.
These guests do not have accounts in your organization's Active Directory, so how will the IT admins grant them access?
There is an old way: IT admins would create a group in Active Directory with only the required access rights, then create user accounts in the directory and add them to that group. The guest users would then have new accounts in your organization in addition to their own organizational accounts. The first issue with this approach is that guest users have to remember an additional username and password. The second issue is that when a guest user is removed from their home organization, an explicit removal operation is still required to remove the account from your organization.
In order to solve this, many organizations started federating their Active Directory with those of other organizations. If your organization's Active Directory federates with the Active Directory of the guest's organization, you do not need to create any new accounts: the guest users are validated by their own AD.
This federation can be achieved in Azure using Azure Active Directory Business to Business (B2B) collaboration.
Azure Active Directory (Azure AD) business-to-business (B2B) collaboration lets you securely share your company’s applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don’t have Azure AD or an IT department.
A simple invitation and redemption process lets partners use their own credentials to access your company’s resources. Developers can use Azure AD business-to-business APIs to customize the invitation process or write applications like self-service sign-up portals.
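As an added illustration of the invitation process described above (this is example code, not from the original article or from Microsoft), the following calls the Microsoft Graph invitation API and then reviews guest accounts whose invitation was never redeemed, which are the accounts an admin should clean up. It assumes the caller already holds a Graph access token with the User.Invite.All permission (e.g. obtained with MSAL); the sample user records are constructed.

```python
"""Invite an Azure AD B2B guest via Microsoft Graph and flag stale, unredeemed invitations."""
import datetime as dt
import requests  # pip install requests

GRAPH = "https://graph.microsoft.com/v1.0"


def build_invitation(email, redirect_url, send_message=False, display_name=None):
    """Request body for POST /invitations. No password is created in our tenant:
    after redemption the guest signs in with their home organization's credentials."""
    body = {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,       # where the guest lands after redeeming
        "sendInvitationMessage": send_message,   # False when you send your own mail
    }
    if display_name:
        body["invitedUserDisplayName"] = display_name
    return body


def invite_guest(token, email, redirect_url):
    """POST the invitation; returns the Graph response (invitedUser.id, inviteRedeemUrl, status)."""
    r = requests.post(f"{GRAPH}/invitations",
                      json=build_invitation(email, redirect_url, send_message=True),
                      headers={"Authorization": f"Bearer {token}"}, timeout=30)
    r.raise_for_status()
    return r.json()


def stale_pending_guests(users, now, max_age_days=30):
    """Given user objects from GET /users?$filter=userType eq 'Guest' (with
    externalUserState and externalUserStateChangeDateTime selected), return the
    principal names of guests still PendingAcceptance for longer than max_age_days."""
    stale = []
    for u in users:
        if u.get("userType") != "Guest" or u.get("externalUserState") != "PendingAcceptance":
            continue
        changed = dt.datetime.fromisoformat(u["externalUserStateChangeDateTime"].replace("Z", "+00:00"))
        if (now - changed).days > max_age_days:
            stale.append(u["userPrincipalName"])
    return stale


if __name__ == "__main__":
    # Constructed sample guest records, shaped like Graph user objects.
    sample = [
        {"userPrincipalName": "alice_partner.example#EXT#@contoso.example", "userType": "Guest",
         "externalUserState": "Accepted", "externalUserStateChangeDateTime": "2024-01-10T09:00:00Z"},
        {"userPrincipalName": "bob_partner.example#EXT#@contoso.example", "userType": "Guest",
         "externalUserState": "PendingAcceptance", "externalUserStateChangeDateTime": "2024-01-01T09:00:00Z"},
    ]
    print(stale_pending_guests(sample, dt.datetime(2024, 3, 1, tzinfo=dt.timezone.utc)))
```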
Azure AD B2C
Azure Active Directory B2C is for applications that are customer facing. For example, your organization may build an application that helps people find rental apartments. Anybody can come and create an account in your application.
In such cases, Azure Active Directory Business to Customer (B2C) is the best choice.
Azure AD B2C can facilitate collecting the information from the user during registration or profile editing, then hand that data off to the external system. Then, during future authentications, Azure AD B2C can retrieve the data from the external system and, if needed, include it as a part of the authentication token response it sends to your application.
Azure AD B2C uses standards-based authentication protocols including OpenID Connect, OAuth 2.0, and SAML. It integrates with most modern applications and commercial off-the-shelf software.
Azure AD B2C is a white-label authentication solution. You can customize the entire user experience with your brand so that it blends seamlessly with your web and mobile applications.
Azure AD B2C provides a directory that can hold 100 custom attributes per user. However, you can also integrate with external systems. For example, use Azure AD B2C for authentication, but delegate to an external customer relationship management (CRM) or customer loyalty database as the source of truth for customer data.
Also, Azure Active Directory B2C allows users to authenticate with external identity providers, e.g. Facebook, Twitter, Google, etc.
Summary
Azure AD B2B is for businesses that want to securely share files and resources with external users so they can collaborate, while Azure AD B2C is primarily for businesses and developers that create customer-facing apps.
I hope you enjoyed this article. Let me know your thoughts.