Can I use Azure AD B2B collaboration together with Azure AD B2C within one tenant?
For external customers we will use Azure AD B2B to log in, and for external users (from custom domains, i.e. Hotmail.com, Outlook.com) we would like to use Azure AD B2C to log on.
So, one tenant with Azure AD B2B extension and Azure B2C extension coexisting.
We’re still considering this, and would love to hear your scenarios for this combination. Please add comments to give us more details.
Artur Anbild commented
My company has a large network of customers, vendors and contractors. We decided to use Azure B2B as the main federation mechanism, but we have a strong need to support social logins as well. A combination of B2B and B2C in one tenant would be ideal in our case.
I would also like to see this.
Azure B2B is great for partners with a properly configured AAD Tenant.
However, many organisations do not have this. Using B2B then just-in-time provisions accounts for these users. This creates an account where no one owns the JML process. (We assume the guest's organization will manage it; that organization has no idea the account exists.)
B2C, with custom policies, gives us more control over re-certification and approval processes.
It would be great to use B2C to log in to Office 365 and enterprise applications registered in an organization's AAD.
Alex Bedig commented
One use case is streamlining the migration from an internal app to a customer-facing one. As it stands today, there are different customer records and a migration and synchronization process between the two tenants that must be addressed by the developer, i.e. it is not "you have users in your directory, now we can create a different authentication path and support the same user accounts via configuration." This would reduce friction in using B2B's invitation system as an entry point for partners while doing early betas (super easy to get started), prior to rolling out with B2C as the primary front door to the commercial offering.
Neil G. commented
Or alternatively, if we could use the Office 365 Azure primary tenant AD for Org based auth and B2B user auth, and then Trust/Link to a 2nd Azure AD in same tenant for B2C.
Or if the Primary Azure AD could use B2B to invite security groups in the B2C AD....
Something like that would work for me.