Azure AD B2B and B2C Part 2

Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15
Video Transcription
00:00
>> Hello, cyberians.
00:00
Welcome to Lesson 1.11 of this AZ-301 course.
00:00
This lesson is a continuation of the previous lesson.
00:00
I'll pick up from where I stopped in the last video
00:00
and I'll talk about Azure AD B2C.
00:00
One of the first things to recognize
00:00
about Azure AD B2C is that
00:00
this is actually
00:00
a separate product offering from Azure AD.
00:00
This is not Azure AD itself.
00:00
You can go to the Azure portal,
00:00
type in create a new service or create a new resource,
00:00
and you can create a new resource
00:00
called Azure AD B2C tenant.
00:00
It's different from Azure AD tenant.
00:00
It's about customer-facing web and mobile applications.
00:00
That's regardless of where they're hosted.
00:00
You have a customer-facing web application,
00:00
a customer-facing mobile application.
00:00
You don't need to build
00:00
your own identity provider by yourself.
00:00
What you can do is you can take advantage
00:00
of Azure AD B2C as
00:00
the identity provider
00:00
for your customer-facing applications.
00:00
That's regardless of where they're hosted.
00:00
This is not just limited to
00:00
applications that you're hosting in Azure,
00:00
either on virtual machines in Azure or you're
00:00
hosting in Azure App Service or Azure Functions.
00:00
This actually applies to
00:00
applications that you're hosting anywhere,
00:00
as long as it's HTTPS,
00:00
HTTPS access between Azure AD B2C,
00:00
and wherever the application is hosted,
00:00
you can use Azure AD B2C as
00:00
the identity provider for that.
00:00
This is primarily a solution for businesses and
00:00
developers that create customer-facing applications.
00:00
Unlike in the case of B2B,
00:00
which is more about collaboration between
00:00
business partners or
00:00
different organizations that work together.
00:00
One of the main distinguishing functionalities of
00:00
Azure AD B2C is that users can
00:00
use their existing social identities
00:00
in your Azure AD B2C.
00:00
In other words, a user, once you have
00:00
a customer-facing application that's
00:00
hosting your e-commerce websites,
00:00
you want to just have an identity
00:00
when they're interacting with
00:00
you to be able to purchase your products or services.
00:00
You may not want them to sign up from scratch.
00:00
They have existing social identities,
00:00
that way you can collect any information from.
00:00
You can enable that and allow them to use
00:00
the existing social identities like
00:00
Facebook and Twitter,
00:00
and Google and others.
00:00
User provisioning is done by the users themselves.
00:00
One of the ways that Azure AD B2C works is,
00:00
it allows you to create
00:00
a sign-up flow and a sign-in
00:00
flow that you can integrate
00:00
with your application so that whenever
00:00
users go to access your application,
00:00
it can tie in with the sign-up flow or with
00:00
the sign-in flow where Azure AD B2C can
00:00
either cause them to the sign-up maybe using
00:00
the existing social identity or create new identity,
00:00
or a sign-in flow where they could authenticate.
00:00
To give a quick, much more information about this,
00:00
it's about app developers again.
00:00
It's an identity provider for
00:00
web applications and
00:00
enterprise web and mobile applications.
00:00
It also has support for MFA.
00:00
You can allow users to be able to do
00:00
multi-factor authentication against your environment.
00:00
You can create custom user attributes in
00:00
terms of the information that you
00:00
can collect from the users
00:00
and what's going to be stored
00:00
in the identity provider.
00:00
Then you can customize your pages.
00:00
For example, when they see
00:00
the sign-up or the sign-in page,
00:00
it's not a boring just Microsoft-looking default page.
00:00
You can customize the pages with your HTML and CSS.
00:00
In terms of the identity providers,
00:00
it supports all the identity providers
00:00
that you are looking at on the screen here.
00:00
Microsoft, Facebook, LinkedIn, Twitter,
00:00
Google, Weibo, and others.
00:00
One of the other things that they've also added is
00:00
direct federation support where you
00:00
can actually add support for
00:00
any identity provider that
00:00
supports any of these
00:00
open standards that you're looking at.
00:00
OAuth 2, OpenID Connect,
00:00
SAML version 2,
00:00
and JSON, where you can actually do
00:00
a direct federation with that identity provider.
00:00
That opens it up to essentially anything.
00:00
For example, you could do a federation between
00:00
Azure AD B2C and Azure AD B2B. That's possible now.
00:00
Some quick information about
00:00
architectural considerations of Azure AD B2C.
00:00
Azure AD B2C is a pay-as-you-go service.
00:00
Remember that Azure AD,
00:00
it's based on licensing per user,
00:00
and you can buy it as a
00:00
stand-alone add-on license or as part of a bundle.
00:00
Azure AD B2C, on the other hand,
00:00
is a pay-as-you-go service.
00:00
Likewise, if you create an external application,
00:00
you have no idea how many users
00:00
could decide to sign up for your application.
00:00
It's not on a per-user basis,
00:00
it's on a pay-as-you-go basis.
00:00
It's based on the number of authentications that
00:00
are done against your Azure AD B2C tenants.
00:00
There's localization support for 26 languages.
00:00
In other words, you can change
00:00
the localization so users have
00:00
a much more local interaction
00:00
with the servers when they're signing up or signing in.
00:00
Social identities information collection scope
00:00
cannot be extended beyond the default scope.
00:00
What this means is, this is a privacy thing.
00:00
You've probably heard in
00:00
the news about things like people are
00:00
abusing integration
00:00
with different social identities
00:00
to collect information.
00:00
For example, I cannot use
00:00
the Facebook social identity integration
00:00
of Azure AD B2C to start
00:00
collecting information about your friends.
00:00
It cannot be extended beyond the default scope off,
00:00
which is essentially the only
00:00
thing you are collecting is
00:00
email and basic profiling information.
00:00
Not things like what you've liked,
00:00
what you've disliked and
00:00
your friends and all the other stuff.
00:00
Quick summary of what we've covered in this video.
00:00
We'll start by giving an overview of
00:00
Azure AD B2B and Azure AD B2C,
00:00
give you some information about
00:00
Azure AD B2B and some architectural considerations,
00:00
and some information about
00:00
Azure AD B2C and some architectural considerations.
00:00
What I'll do is, in the next lesson,
00:00
I'll go ahead and show you a demonstration
00:00
of Azure AD B2B.
00:00
I'll see you in the next lesson.
00:00
Quiz question number 1.
00:00
Your organization has decided to partner with
00:00
another organization that does software development.
00:00
They have five developers in
00:00
the partner organization that
00:00
will be working on your projects.
00:00
You need to grant them
00:00
contributor permissions to one
00:00
of your Azure subscriptions.
00:00
Your solution should minimize management overhead.
00:00
What should you do?
00:00
Option 1, configure an organization
00:00
relationship between both organizations'
00:00
Azure AD tenants.
00:00
Option 2, create guest accounts for
00:00
the developers in your Azure AD tenant.
00:00
Option 3, configure a forest trust
00:00
between the on-premises
00:00
Active Directory Forests of both organizations.
00:00
If you selected Option 2,
00:00
create guest accounts for the developers in
00:00
your Azure AD tenants, you'd be correct.
00:00
If the five developers need
00:00
access to your Azure subscription,
00:00
that trusts your Azure AD tenant,
00:00
or uses it as the identity provider,
00:00
what you can do is you
00:00
can just create guest accounts for
00:00
those developers in your Azure AD tenant,
00:00
and that's Azure AD B2B.
00:00
Quiz question number 2.
00:00
You have a customer-facing application
00:00
hosted in Azure web app.
00:00
You need to implement authentication
00:00
that allows the external users of
00:00
the web app to sign up
00:00
using their existing social identities.
00:00
What solution would you recommend?
00:00
Option 1, implement Azure AD guest user access.
00:00
Option 2, implement Azure AD B2C.
00:00
Option 3, implement Azure ADDS.
00:00
If you selected Option 2,
00:00
implement Azure AD B2C, you would be correct,
00:00
because Azure AD B2C allows
00:00
you to configure users to use
00:00
their existing social identities to access
00:00
your customer-facing application
00:00
regardless of where it's hosted.
00:00
Quick information about some supplementary materials.
00:00
That's the link to the documentation of Azure AD B2B,
00:00
and that's the link to the
00:00
documentation of Azure AD B2C.
00:00
This brings me to the end of this lesson.
00:00
Thanks very much for watching.
00:00
I'll see you in the next lesson.