I am building an application which will use Azure B2C as the identity system. It will include some local accounts, and some federated accounts for Enterprise SSO logins.
The application will have “application tenants”, representing customer organization/company.
I’d like a user to be able to grant users access to one or more application tenants (in case some users will manage multiple company accounts within the app).
There will also be multiple roles within the app (e.g. read only, full admin).
What is the recommended way to map a B2C User to “app tenants” and roles?
- Create AAD group per tenant and role and check membership?
- Custom attribute for tenant id(s)?
- Or must I map users to tenants & roles in the app DB / outside of B2C?
Is this scenario described in any docs that might point me in the right direction?
Thanks!
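For the third option in the question (keeping the user-to-tenant-and-role mapping in the application database), here is an added illustration of the authorization check the app would run on every request; it is example code, not from the original post or from Azure B2C. It assumes the app keys its mapping on the token's `oid` claim and that the tenant id, role names and user ids below are constructed placeholders.

```python
from enum import IntEnum


class Role(IntEnum):
    """App roles, ordered so that a higher role satisfies a lower requirement."""
    READ_ONLY = 1
    FULL_ADMIN = 2


# Constructed sample of the app-side mapping held outside B2C:
#   B2C object id (`oid` claim) -> {app tenant id -> role in that tenant}
# Keying on `oid` rather than e-mail matters: the object id is the stable
# identifier B2C issues for both local and federated accounts.
MEMBERSHIPS = {
    "00000000-0000-0000-0000-000000000001": {
        "tenant-contoso": Role.FULL_ADMIN,
        "tenant-fabrikam": Role.READ_ONLY,
    },
    "00000000-0000-0000-0000-000000000002": {
        "tenant-fabrikam": Role.FULL_ADMIN,
    },
}


def effective_role(claims, tenant_id):
    """Role the caller holds in `tenant_id`, or None if they are not a member.

    `claims` is the validated, decoded B2C token payload (signature and
    audience already checked upstream). The tenant in the request is looked
    up against the caller's own memberships, so a user who manages several
    companies only ever gets the role granted for the tenant being accessed.
    """
    oid = claims.get("oid")
    if not oid:
        return None  # no stable subject identifier: treat as unauthenticated
    return MEMBERSHIPS.get(oid, {}).get(tenant_id)


def authorize(claims, tenant_id, required):
    """Deny-by-default check: True only if the caller is a member of the
    requested tenant with at least the required role."""
    role = effective_role(claims, tenant_id)
    return role is not None and role >= required


def tenants_for(claims):
    """Tenants the caller may switch between, for a tenant picker in the UI."""
    return sorted(MEMBERSHIPS.get(claims.get("oid"), {}))
```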