Azure AD B2C questions on sign-up and suitability


We plan to use Azure AD for our workforce users. We also have a few applications for our customers. The sales team usually reaches out to a specific team who creates customer accounts in our current environment.

A few questions:

a. Is Azure AD B2C right to use for the customer applications? What I mean is, should we use B2C only when the application is something like a shopping application, where we are talking about a huge number of users who self-register and perform all activities?

b. We do not need self-registration, but we want our customers to verify and confirm their email address. How do we achieve that?

c. Does Azure AD B2C support accepting terms and conditions at the time of login? I know Azure AD conditional access policy does.

d. If an on-prem application supports OAuth 2.0, is there anything that still needs to be updated in the app to integrate with Azure AD B2C? Is the integration approach any different from Azure AD?

e. Can we have more than one application in one Azure AD B2C tenant? Can we have separate sign-up or sign-in flow for individual applications?

f. Is there a way to sync passwords from Azure AD B2C to an LDAP server? We want to use Azure AD B2C SSPR.


a) B2C is designed for any non-corporate application, i.e. users are not domain-joined. The number of users doesn't matter.

For what follows, you need to use custom policies.

b) Yes, you can have a sign-up flow that simply asks for email and verifies it.

c) Yes, see here. There are a number of samples there. Well worth looking at.

d) It depends on what OAuth stack the on-premises app uses. Ideally, the app would use the MSAL stack. It's similar to Azure AD, but there is an extra parameter for the policy.

e) Yes and yes.

f) Yes, you can call a REST API that talks to the LDAP server. However, the out-of-the-box B2C SSPR resets the password in B2C. Not sure why you need LDAP? B2C does not support AAD Connect.
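To make points d) and e) of the answer concrete, here is an added example (not part of the original question or answer, and not Microsoft's or MSAL's own code) that builds the authorization-code request an on-prem app would send to Azure AD versus Azure AD B2C, with only the Python standard library. The difference is the authority: B2C puts the policy (user flow) name into the authority path on `b2clogin.com`, which is the "extra parameter" the answer refers to. The tenant name `contoso`, the client id, the redirect URI and the policy names in `APP_POLICIES` are constructed placeholders. The example also shows one tenant serving several apps with separate flows, and a defensive check that a returned token was actually issued by the flow the app expects (B2C reports the flow in the `tfp` claim, or `acr` on older tenant settings; this is an assumption about the token format, stated here rather than taken from the post).

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values, not taken from the original post.
TENANT = "contoso"                                   # hypothetical B2C tenant name
CLIENT_ID = "11111111-2222-3333-4444-555555555555"   # placeholder app registration id
REDIRECT_URI = "https://app.example.com/auth/callback"

# One B2C tenant, several apps, each mapped to its own user flow (point e).
# Policy names are hypothetical.
APP_POLICIES = {
    "portal": "B2C_1_portal_signin",
    "support": "B2C_1_support_signin",
}


def code_challenge_for(verifier):
    """PKCE S256 challenge: BASE64URL(SHA256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authority(tenant, policy=None):
    """Azure AD: login.microsoftonline.com/<tenant>.onmicrosoft.com.
    B2C: <tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>. The policy
    segment is the extra piece an app must supply when it moves to B2C."""
    if policy is None:
        return f"https://login.microsoftonline.com/{tenant}.onmicrosoft.com"
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}"


def build_authorize_url(tenant, client_id, redirect_uri, scopes, policy=None):
    """Authorization-code request with PKCE, state and nonce.
    Returns (url, code_verifier, state, nonce); the caller keeps the last three
    server-side and checks them when the callback arrives."""
    verifier = secrets.token_urlsafe(64)   # 86 chars, within the 43..128 PKCE range
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "response_mode": "query",
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge_for(verifier),
        "code_challenge_method": "S256",
    }
    url = f"{authority(tenant, policy)}/oauth2/v2.0/authorize?{urlencode(params)}"
    return url, verifier, state, nonce


def parse_query(url):
    """Flatten a URL's query string into a dict of single-valued keys."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def token_matches_policy(claims, expected_policy):
    """After signature, issuer and audience validation, also pin the user flow
    that issued the token. B2C names it in the 'tfp' claim ('acr' on older
    tenant settings); a token minted by another app's flow in the same tenant
    must not be accepted by this app."""
    issued_by = claims.get("tfp") or claims.get("acr")
    return issued_by is not None and issued_by.lower() == expected_policy.lower()


if __name__ == "__main__":
    for app, policy in APP_POLICIES.items():
        url, _, _, _ = build_authorize_url(
            TENANT, CLIENT_ID, REDIRECT_URI, ["openid", "offline_access"], policy)
        print(app, "->", url.split("?")[0])
    # Azure AD (workforce) request for comparison: no policy segment.
    aad_url = build_authorize_url(TENANT, CLIENT_ID, REDIRECT_URI, ["openid"])[0]
    print("aad ->", aad_url.split("?")[0])
```

Everything else in the request (`client_id`, `redirect_uri`, `scope`, `state`, PKCE) is the same as for Azure AD, which is why an app already on a standards-based OAuth 2.0 stack usually only needs its authority configuration changed; the per-app policy map is how separate sign-in flows per application are selected within one tenant.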