
Matthew Levy https://mattchatt.co.za/blog Azure AD B2B vs B2C Matthew Levy https://mattchatt.co.za/blog.



Presentation transcript:

1 Azure AD B2B vs B2C
Matthew Levy, https://mattchatt.co.za/blog

2 Identity
Microsoft identities: Azure AD account, Microsoft Account (Hotmail, Xbox LIVE, etc.), AD (X.500)
Social identities: Google+, LinkedIn, Facebook, Amazon, Twitter, WeChat
Your online identity is established when you register. During registration, some attributes are collected and stored in the database. The registration process can be quite different depending on what kind of digital identity you will be issued. A unique attribute differentiates us from other online users; such an attribute could be an email address, a phone number, or a South African ID number. We get attributes from our employers in the form of titles, the business unit we belong to, roles that we have in projects, or our place in the organization hierarchy. Authentication = prove you are who you say you are. Attributes = authorization (what you are allowed to do). Authentication != Authorization.

3 IDaaS: Identity as a Service
Azure AD – Identity Management
Azure AD – Access Management
Azure AD is a multi-customer public directory service: identity and access management (IAM) for your cloud services and applications, such as Office 365. Users and groups are created in a flat structure without OUs or GPOs. It speaks authentication protocols such as SAML, WS-Federation, and OAuth. It's possible to query Azure AD, but instead of LDAP you must use a REST API, the Azure AD Graph API.

4 What is Azure AD B2B?
Business-to-business (B2B): collaboration with any partner organization, small or large, with or without Azure AD.
Partners use their own credentials.
Provide access to enterprise apps or data.
If the user doesn't have a Microsoft account or an Azure AD account, one is created for them seamlessly at the time of offer redemption (a "shadow" tenant).

5 Ways to create a guest
Add guests in the Azure AD portal (admins)
PowerShell (admins)
Non-administrators can use the Azure AD Application Access Panel
External sharing in Office 365 (OneDrive/SharePoint)
Use B2B collaboration APIs to customize onboarding experiences. Check out the sample code for self service on GitHub.
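The PowerShell route from the list above, written out as an added example that is not part of the talk: it invites one guest with the AzureAD module's New-AzureADMSInvitation cmdlet and then lists every guest account so an admin can review who has been invited. The e-mail address, display name and redirect URL are placeholders.

```powershell
# Added example (not from the presentation). Requires the AzureAD module and an
# admin session; all identity values are placeholders.
Connect-AzureAD

$invitation = New-AzureADMSInvitation `
    -InvitedUserEmailAddress 'partner.user@example.org' `
    -InvitedUserDisplayName 'Partner User (placeholder)' `
    -InviteRedirectUrl 'https://myapps.microsoft.com' `
    -SendInvitationMessage $true

# The guest object exists in the host directory straight away (userType Guest);
# the partner completes it when the invitation is redeemed.
$invitation.InvitedUser.Id
$invitation.Status        # PendingAcceptance until the guest redeems

# Periodic review of every guest in the tenant: who they are and how they were created.
Get-AzureADUser -Filter "userType eq 'Guest'" -All $true |
    Select-Object DisplayName, UserPrincipalName, Mail, CreationType |
    Sort-Object DisplayName
```

Guests created this way carry CreationType Invitation, which makes them easy to separate from guests that arrived through Office 365 external sharing during a review.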

6 What is Azure AD B2C?
Business-to-consumer (B2C): allows you to control (and customize) how customers sign up, sign in and manage their profiles when using your applications. Applications can be mobile apps or web apps.
Customers can sign in with specific identity providers (specified in B2C): any social ID with direct federation.
Supports OpenID Connect: (Identity, Authentication) + OAuth 2.0 = OpenID Connect.
Protects your application from DoS and brute-force password attacks.
Azure AD and Azure AD B2C are separate product offerings and cannot coexist in the same tenant.
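The slide above says B2C speaks OpenID Connect on top of OAuth 2.0, and the reading list at the end points at the authorization code flow. The following added example (my own code, not the presenter's and not a Microsoft sample) shows the relying-party side of that flow against a hypothetical B2C tenant: building the authorize request with a state, a nonce and a PKCE challenge, and then checking the claims of the returned ID token (issuer, audience, nonce, expiry and the user flow named in the tfp claim). The tenant name, policy name, client ID, redirect URI and issuer GUID are placeholders. Signature verification against the tenant's JWKS is assumed to be done by a JOSE library and is deliberately left out here; it is a required step, not an optional one.

```python
import base64
import hashlib
import json
import secrets
import time
import urllib.parse

# Hypothetical placeholders for a B2C tenant, user flow (policy) and app registration.
TENANT_NAME = "contosob2c"
POLICY = "B2C_1_signupsignin"
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
REDIRECT_URI = "https://app.example.com/auth/callback"
# B2C puts the tenant's GUID (not its name) in the token issuer; placeholder here.
EXPECTED_ISSUER = "https://contosob2c.b2clogin.com/<tenant-guid>/v2.0/"


def b64url(data):
    """Base64url without padding, as used by JWS and PKCE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier):
    """S256 code challenge (RFC 7636): BASE64URL(SHA256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_pkce_pair():
    """Fresh verifier (43 chars, inside the 43..128 range) and its challenge."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def build_authorize_url(state, nonce, code_challenge):
    """Step 1 of the code flow: the URL the browser is sent to for sign-in."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",          # a code, never a token, in the front channel
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid offline_access",
        "state": state,                   # bound to the session; checked on the callback
        "nonce": nonce,                   # echoed in the ID token; ties it to this request
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    base = ("https://%s.b2clogin.com/%s.onmicrosoft.com/%s/oauth2/v2.0/authorize"
            % (TENANT_NAME, TENANT_NAME, POLICY))
    return base + "?" + urllib.parse.urlencode(params)


def make_sample_token(claims):
    """Constructed, unsigned sample token used only for the demonstration."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return header + "." + payload + ".signature-placeholder"


def decode_jwt_payload(token):
    """Read the claims. Verifying the signature against the tenant's JWKS is a
    separate, mandatory step (e.g. with a JOSE library) and is not done here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def validate_id_token_claims(claims, expected_nonce, now=None, skew=120):
    """Step 3: claim checks the relying party must make after the signature check.
    Returns a list of problems; an empty list means the token is acceptable."""
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("iss") != EXPECTED_ISSUER:
        problems.append("issuer mismatch")
    if claims.get("aud") != CLIENT_ID:
        problems.append("audience is not this application")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp + skew < now:
        problems.append("token expired or exp missing")
    nbf = claims.get("nbf")
    if isinstance(nbf, int) and nbf - skew > now:
        problems.append("token not yet valid")
    # B2C names the user flow that issued the token in 'tfp' (older tokens: 'acr').
    if claims.get("tfp", claims.get("acr")) != POLICY:
        problems.append("token issued by an unexpected user flow")
    return problems


if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorize_url(state, nonce, challenge))
    sample = make_sample_token({"iss": EXPECTED_ISSUER, "aud": CLIENT_ID, "nonce": nonce,
                                "exp": int(time.time()) + 3600, "tfp": POLICY})
    print(validate_id_token_claims(decode_jwt_payload(sample), nonce))
```

The policy check matters specifically for B2C: a single tenant can host several user flows (sign-up/sign-in, password reset, profile edit), and a token minted by one of them should not be accepted by an app expecting another. The verifier, state and nonce must be stored server-side per session and consumed once.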

7 Social Identity Providers
Facebook, Google+, LinkedIn, Amazon, Twitter (preview), WeChat (preview), Weibo (preview), QQ (preview)

8 Microsoft Identity Providers
Microsoft Account (MSA, aka Microsoft Passport, aka Windows Live ID)
Local account (email address or username in the B2C directory)
Azure AD account
GitHub
Custom OpenID Connect identity provider

9 Identity Experience Framework
A fully configurable, policy-driven, cloud-based Azure platform that orchestrates trust between entities (broadly, claims providers) in standard protocol formats such as OpenID Connect, OAuth, SAML and WS-Fed, plus a few non-standard ones (for example REST API-based system-to-system claims exchanges).

10 B2B vs B2C: B2B collaboration capabilities versus the Azure AD B2C stand-alone offering
Intended for
  B2B: Organizations that want to be able to authenticate users from a partner organization, regardless of identity provider.
  B2C: Inviting customers of your mobile and web apps, whether individuals, institutional or organizational customers, into your Azure AD.
Identities supported
  B2B: Employees with work or school accounts, partners with work or school accounts, or any email address. Soon to support direct federation.
  B2C: Consumer users with local application accounts (any email address or user name) or any supported social identity with direct federation.
Which directory the users are in
  B2B: Partner users from the external organization are managed in the same directory as employees, but annotated specially. They can be managed the same way as employees, can be added to the same groups, and so on.
  B2C: Customer user entities are in the application directory, managed separately from the organization's employee and partner directory (if any).
Single sign-on (SSO)
  B2B: SSO to all Azure AD-connected apps is supported. For example, you can provide access to Office 365 or on-premises apps, and to other SaaS apps such as Salesforce or Workday.
  B2C: SSO to customer-owned apps within the Azure AD B2C tenant is supported. SSO to Office 365 or to other Microsoft and non-Microsoft SaaS apps is not supported.
Lifecycle
  B2B: Partner lifecycle is managed by the host/inviting organization.
  B2C: Customer lifecycle is self-serve or managed by the application.
Security policy and compliance
  B2B: Managed by the host/inviting organization.
  B2C: Managed by the application.
Branding
  B2B: The host/inviting organization's brand is used.
  B2C: Managed by the application. Typically product branded, with the organization fading into the background.

11 More Info
B2B:
  What is Azure AD B2B collaboration?
  Azure Active Directory B2B collaboration FAQs
  B2B session at Ignite 2017
B2C:
  Azure AD B2C: Frequently asked questions (FAQ)
  Azure Active Directory B2C: Custom policies
  Azure Active Directory B2C: OAuth 2.0 authorization code flow

12 Contact Details
Matthew@nbconsult.co.za
@skrod
mattchatt.co.za
linkedin.com/in/matthew-levy-170bbb21

