-1

I'm a little bit confused if idea for my SAAS project would require Azure B2C or B2B implementation.

Platform which I'm working on have multiple roles, e.g dev (which allows managing API keys and similar developer related content for integration), editor (some content management) and admin account (user management). My idea is to allow "admin" user to sign-up for a "company" profile, and that he can create\invite other users within their organization and to assign them proper roles (developer or editor role in this case), so that when they login they can see and do only things which are relevant to their roles.

From what I saw, sign-up process with B2C would be relatively simple for this admin user. However, when it comes to new users invite, I saw this: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning

Common scenarios include provisioning an Azure AD user into SaaS applications

I'm not sure if this is something which belongs to Azure B2C or this is just under "standard" Azure AD.

Also for B2B I saw this: https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

So I'm a bit confused for this scenario which I described above do I need Azure B2C or B2B integration, and what would be the simples yet elegant way of allowing these additional user invites within the "company" with different roles?

Wile E. Coyote
  • 1

1 Answers1

0

The important decision point for you is: can any user just come to your app and make an account? If yes, then B2C is a good choice. To me it sounds like the invitations you are thinking of don't need B2C to be involved in that process. You can handle the invitations/roles/companies within your app and use B2C as purely an identity provider.

juunas
  • 54,244
  • 13
  • 113
  • 149
  • Just to add: You can use B2C to handle the invite via invitation or magic link. There are examples of both in the samples: https://github.com/azure-ad-b2c/samples. However, the roles you mention are best kept in a separate DB that B2C can access via REST API. – rbrayb Jun 13 '22 at 09:05
  • @rbrayb thanks for the link, what would you recommend for using roles part and "grouping" within the same company profile? Did you mean to have it in some custom attributes which is associated with user or to have some separate mapping in my DB where I would have pairs like - ? – Wile E. Coyote Jun 13 '22 at 09:18
  • Thanks Rory :) Usually you would keep roles in the DB like you said. – juunas Jun 13 '22 at 10:04