ChrisOng-9184 asked ChrisOng-9184 answered

Granting access to 3rd parties outside of my Azure AD with applications that authenticate through Kerberos

I need to provide access to an application that sits on a VM in Azure that belongs to my company domain to 3 parties that do not belong to my company. The said application requires authentication through Kerberos. Internally, I would be able to get this to work by syncing the Azure AD to my on-prem AD and Azure AD Domain Services to my on-prem domain.

Now that I need to provide access to 3rd parties outside of my Azure AD, what are the methods available, keeping in mind that the application requires Kerberos authentication? Also, I would like to limit the number of users that I would need to create in Azure AD for the 3rd parties.

I've seen that there is a preview for Kerberos authentication on Azure AD, and there is also Azure B2C, but I can't seem to piece them together to understand how they would be able to manage the access to the application.

Thanks for the help in advance!

azure-ad-connect
soysoliscarlos answered soysoliscarlos commented

Hi @ChrisOng-9184

Thank you for asking this question on the Microsoft Q&A Platform.

Definitely, the way to allow third parties is to use Azure AD B2C.

You cannot merge the users between Azure AD and Azure AD B2C.

I had a similar case, and what we did was adapt the application to have one login page for Azure AD users (my company users) and another login page for Azure AD B2C (for third parties).

Hope this helps,
Carlos Solís Salazar


Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

NOTE: To answer you as quickly as possible, please mention me in your reply.
@ChrisOng-9184, you can Accept Answer and Upvote, if the above response helped answer your query, others visiting the forum with the same query might get help.

ChrisOng-9184 answered

Hi @soysoliscarlos, thanks for your response. I'm wondering how Azure B2C works in terms of getting the permissions required to authenticate with the application that requires Kerberos.

For example, you create a user account on Azure AD B2C. On-prem Microsoft AD requires a user to authenticate with the Kerberos application. How does the user account get linked to the on-prem Microsoft AD to provide the token to authenticate with the application via Kerberos? Do you require Azure AD as a go-between to facilitate this?
Sorry, I'm very new to this, so I'm not able to visualize how the process works in between, from when the user logs on through Azure AD B2C until it arrives at the application.

Thank you!
